Server-side prototype pollution
APPRENTICE
Why is server-side prototype pollution more difficult to detect?
APPRENTICE
Detecting server-side prototype pollution via polluted property reflection
APPRENTICE
Detecting server-side prototype pollution via polluted property reflection - Continued
APPRENTICE
Detecting server-side prototype pollution via polluted property reflection - Continued
APPRENTICE
Lab: Privilege escalation via server-side prototype pollution
PRACTITIONER
Detecting server-side prototype pollution without polluted property reflection
APPRENTICE
Status code override
APPRENTICE
Status code override - Continued
APPRENTICE
JSON spaces override
APPRENTICE
JSON spaces override - Continued
APPRENTICE
Charset override
APPRENTICE
Charset override - Continued
APPRENTICE
Charset override - Continued
APPRENTICE
Lab: Detecting server-side prototype pollution without polluted property reflection
PRACTITIONER
Scanning for server-side prototype pollution sources
APPRENTICE
Scanning for server-side prototype pollution sources - Continued
APPRENTICE
Bypassing input filters for server-side prototype pollution
APPRENTICE
Lab: Bypassing flawed input filters for server-side prototype pollution
PRACTITIONER
Remote code execution via server-side prototype pollution
APPRENTICE
Identifying a vulnerable request
APPRENTICE
Identifying a vulnerable request - Continued
APPRENTICE
Remote code execution via child_process.fork()
APPRENTICE
Lab: Remote code execution via server-side prototype pollution
PRACTITIONER
Remote code execution via child_process.execSync()
APPRENTICE
Remote code execution via child_process.execSync() - Continued
APPRENTICE
Remote code execution via child_process.execSync() - Continued
APPRENTICE