logo

Server side prototype pollution, how to detect and exploit

ID: 084e581c-8020-515b-b4dc-79d59da87fd1

STIX ID: report--084e581c-8020-515b-b4dc-79d59da87fd1

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
75/100

Date Published: 2023-02-15

Date Updated: 2026-07-04

...
...

This blog-style report explains prototype pollution in JavaScript, describes techniques and tooling (pp-finder) to detect server-side pollution in Node.js servers (Express, Fastify), and presents gadget-based proof-of-concept exploits (RCE, XSS, SSRF, Docker socket abuse) targeting popular libraries including Vue 3, JSDOM, Axios, Got and Fastify.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.