Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

Prototype pollution

This learning path introduces you to prototype pollution vulnerabilities in JavaScript. You'll learn what prototype pollution is, how it can be exploited, and how to prevent it in your applications.

Contents

Get started: What is prototype pollution?

0 of 65

GET STARTED

What is prototype pollution? 0 of 1

What is prototype pollution? APPRENTICE Get started

JavaScript prototypes and inheritance 0 of 8

What is an object in JavaScript? APPRENTICE

What is an object in JavaScript? - Continued APPRENTICE

What is a prototype in JavaScript? APPRENTICE

How does object inheritance work in JavaScript? APPRENTICE

How does object inheritance work in JavaScript? - Continued APPRENTICE

The prototype chain APPRENTICE

Accessing an object's prototype using __proto__ APPRENTICE

Modifying prototypes APPRENTICE

How do prototype pollution vulnerabilities arise? 0 of 2

How do prototype pollution vulnerabilities arise? APPRENTICE

How do prototype pollution vulnerabilities arise? - Continued APPRENTICE

Prototype pollution sources 0 of 3

Prototype pollution sources APPRENTICE

Prototype pollution via the URL APPRENTICE

Prototype pollution via JSON input APPRENTICE

Prototype pollution sinks 0 of 1

Prototype pollution sinks APPRENTICE

Prototype pollution gadgets 0 of 2

Prototype pollution gadgets APPRENTICE

Example of a prototype pollution gadget APPRENTICE

Client-side prototype pollution 0 of 11

Finding client-side prototype pollution sources manually APPRENTICE

Finding client-side prototype pollution sources using DOM Invader APPRENTICE

Finding client-side prototype pollution gadgets manually APPRENTICE

Finding client-side prototype pollution gadgets using DOM Invader APPRENTICE

Lab: DOM XSS via client-side prototype pollution PRACTITIONER

Lab: DOM XSS via an alternative prototype pollution vector PRACTITIONER

Prototype pollution via the constructor APPRENTICE

Bypassing flawed key sanitization APPRENTICE

Lab: Client-side prototype pollution via flawed sanitization PRACTITIONER

Prototype pollution in external libraries APPRENTICE

Lab: Client-side prototype pollution in third-party libraries PRACTITIONER

Prototype pollution via browser APIs 0 of 5

Prototype pollution via browser APIs APPRENTICE

Prototype pollution via fetch() APPRENTICE

Prototype pollution via fetch() - Continued APPRENTICE

Prototype pollution via Object.defineProperty() APPRENTICE

Lab: Client-side prototype pollution via browser APIs PRACTITIONER

Server-side prototype pollution 0 of 27

Server-side prototype pollution APPRENTICE

Why is server-side prototype pollution more difficult to detect? APPRENTICE

Detecting server-side prototype pollution via polluted property reflection APPRENTICE

Detecting server-side prototype pollution via polluted property reflection - Continued APPRENTICE

Detecting server-side prototype pollution via polluted property reflection - Continued APPRENTICE

Lab: Privilege escalation via server-side prototype pollution PRACTITIONER

Detecting server-side prototype pollution without polluted property reflection APPRENTICE

Status code override APPRENTICE

Status code override - Continued APPRENTICE

JSON spaces override APPRENTICE

JSON spaces override - Continued APPRENTICE

Charset override APPRENTICE

Charset override - Continued APPRENTICE

Charset override - Continued APPRENTICE

Lab: Detecting server-side prototype pollution without polluted property reflection PRACTITIONER

Scanning for server-side prototype pollution sources APPRENTICE

Scanning for server-side prototype pollution sources - Continued APPRENTICE

Bypassing input filters for server-side prototype pollution APPRENTICE

Lab: Bypassing flawed input filters for server-side prototype pollution PRACTITIONER

Remote code execution via server-side prototype pollution APPRENTICE

Identifying a vulnerable request APPRENTICE

Identifying a vulnerable request - Continued APPRENTICE

Remote code execution via child_process.fork() APPRENTICE

Lab: Remote code execution via server-side prototype pollution PRACTITIONER

Remote code execution via child_process.execSync() APPRENTICE

Remote code execution via child_process.execSync() - Continued APPRENTICE

Remote code execution via child_process.execSync() - Continued APPRENTICE

Preventing prototype pollution 0 of 5

Preventing prototype pollution vulnerabilities APPRENTICE

Sanitizing property keys APPRENTICE

Preventing changes to prototype objects APPRENTICE

Preventing an object from inheriting properties APPRENTICE

Using safer alternatives where possible APPRENTICE