prototype-pollution-nsec18
Prototype pollution attack
An analysis of a vulnerability in JavaScript where an attacker can manipulate the prototype of base objects to inject malicious values
Content released at NorthSec 2018 for my talk on prototype pollution
515 stars
12 watching
79 forks
Language: JavaScript
last commit: 6 months ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
hackvertor/server-side-prototype-pollution | Scans for prototype pollution vulnerabilities in server-side applications | 7 |
snyk-labs/nopp | Protects against Prototype Pollution vulnerabilities in JavaScript objects by freezing specific built-in objects. | 25 |
fastify/secure-json-parse | A JSON parser with additional security features to prevent prototype pollution | 225 |
hynekpetrak/malware-jail | Sandbox for analyzing and understanding JavaScript malware | 462 |
nodesecure/cli | Analyzes JavaScript package or local Node.js project for security vulnerabilities and provides detailed reports. | 367 |
o-o-overflow/dc2019q-ooops | A proof-of-concept project demonstrating a vulnerability in a proxy service to exploit a universal cross-site scripting bug and access restricted internal websites. | 13 |
sonatype-nexus-community/auditjs | Tools to scan npm packages for known vulnerabilities and outdated dependencies. | 224 |
prevade/cloudjack | Checks AWS accounts for subdomain hijacking vulnerabilities | 84 |
scotty-c/dirty-cow-poc | A proof-of-concept demonstrating the vulnerability of unsecured containers to privilege escalation attacks | 12 |
hapijs/bourne | Provides a drop-in replacement for JSON parsing with built-in protection against prototype poisoning vulnerabilities | 170 |
neuralegion/sectester-js-demo-broken-crystals | A demo project to integrate the SecTester JS SDK framework into unit tests and CI pipelines for vulnerability testing | 0 |
wekeo/atmoshack2018 | A collection of resources and datasets to help solve atmospheric pollution challenges using Copernicus data | 5 |
18dew/project-basil | Decentralized platform for IT vendors to share vulnerability information | 9 |
hynekpetrak/javascript-malware-collection | A repository of JavaScript malware samples collected over time. | 683 |
vysecurity/cve-2018-4878 | Exploits a vulnerability in outdated Shockwave Flash player to gain control of Internet Explorer and execute malicious code. | 87 |