leHACK Conferences & workshops

Prototype Pollution and where to find them 🇫🇷

30 Jun 2023
Time: 14:00 > 14:45
Location: Zone 1 - Gaston Berger conference stage

Prototype pollution is a vulnerability in JavaScript applications that can have varying impacts depending on the complexity and nature of the affected app. It exploits the prototype inheritance feature of JavaScript, which allows objects to inherit properties and methods. By manipulating the prototype chain of an object, an attacker can introduce malicious properties, leading to unexpected behavior and potentially allowing the attacker to execute arbitrary code.

In this talk, we will first give an overview of JavaScript prototypes and prototype pollution attacks. We will then introduce a new tool we have developed to help identify gadgets by instrumenting the source code. This lets the tool support whitebox audits, enabling researchers to easily identify vulnerabilities in large codebases. Finally, we will demonstrate how the tool is used during a live demo targeting popular JavaScript libraries. Our goal is to help researchers and developers understand the potential impacts of prototype pollution and learn how to identify and exploit these vulnerabilities in JavaScript applications.

Bitk
Sakiir
