Server side prototype pollution, how to detect and exploit
ID: 084e581c-8020-515b-b4dc-79d59da87fd1
STIX ID: report--084e581c-8020-515b-b4dc-79d59da87fd1
Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed
Threat Score
This blog-style report explains prototype pollution in JavaScript, describes techniques and tooling (pp-finder) to detect server-side pollution in Node.js servers (Express, Fastify), and presents gadget-based proof-of-concept exploits (RCE, XSS, SSRF, Docker socket abuse) targeting popular libraries including Vue 3, JSDOM, Axios, Got and Fastify.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
