Hit the Ground Running with Prototype Pollution
"…of-concept exploit! Sinks are places in the code where you can modify the prototype object, such as a URL parameter that is unsafely handled by the application. Gadgets are locations where polluted objects can be leveraged for exploitation. DOM Invader makes finding sinks and…"
"…attacker could simply add the administrative property to the ‘__proto__’ object, which elevates privilege for the request. Remember that every object which is created after prototype pollution is exploited is affected. Conclusion: With the prevalence of JavaScript APIs, t…"
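The chain the two excerpts describe (a sink where attacker-controlled input reaches the prototype, a gadget that later trusts the polluted property, and a hardened form of the same sink), as an added JavaScript example that is not code from the BHIS post. The names are assumptions: the "administrative property" is called `isAdmin` here, and the `unsafeMerge`/`safeMerge` helpers, the `isPrivileged` gadget and the JSON request body are constructed for illustration.

```javascript
// Added example, not code from the BHIS post. Names are assumptions:
// the "administrative property" is called `isAdmin`, and the merge helpers,
// the `isPrivileged` gadget and the JSON payload are constructed for illustration.

// --- Sink (deliberately vulnerable) -------------------------------------
// A recursive merge of attacker-controlled JSON into a settings object.
// `for...in` enumerates the own key "__proto__" that JSON.parse creates,
// and target["__proto__"] resolves to Object.prototype, so the recursion
// writes isAdmin onto the prototype shared by every plain object.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (typeof value === "object" && value !== null) {
      if (typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// --- Hardened sink ------------------------------------------------------
// Refuses the keys that reach the prototype chain and only descends into
// own properties of the target, so a nested object cannot be reached
// through inheritance either.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (typeof value === "object" && value !== null) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// --- Gadget -------------------------------------------------------------
// Authorization check that reads a property without confirming it is an
// own property. After pollution, a session object with no `isAdmin` of
// its own still inherits `true` from Object.prototype.
function isPrivileged(user) {
  return user.isAdmin === true;
}

// Runs one request through the chosen sink, then creates a fresh object
// afterwards to show that every object created after the pollution is
// affected. Removes the polluted property at the end so the process is
// left clean for the next run.
function runScenario(merge) {
  // Constructed request body, as it might arrive in a JSON POST.
  const body = '{"username":"guest","__proto__":{"isAdmin":true}}';
  const settings = merge({}, JSON.parse(body));
  const session = { username: "guest" }; // created after the merge
  const result = {
    prototypePolluted: Object.prototype.hasOwnProperty.call(Object.prototype, "isAdmin"),
    requestIsAdmin: isPrivileged(settings),
    laterObjectIsAdmin: isPrivileged(session),
  };
  delete Object.prototype.isAdmin; // undo the pollution for the next run
  return result;
}

console.log("unsafeMerge:", runScenario(unsafeMerge));
console.log("safeMerge:  ", runScenario(safeMerge));
```

With the vulnerable sink every field in the result is `true`; with the hardened one every field is `false`. Blocking only `__proto__` is not enough, which is why the set also contains `constructor` and `prototype`: `constructor.prototype` reaches the same object. Parsing untrusted input into objects created with `Object.create(null)`, or into a `Map`, removes the shared prototype from the picture entirely, and the gadget side can be closed by checking `Object.hasOwn(user, "isAdmin")` rather than reading an inheritable property.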
Summary
Isaac Burton // For as long as we have known about prototype pollution vulnerabilities, there has been confusion on what they are and how they can be exploited. We’re going […]
The post Hit the Ground Running with Prototype Pollution appeared first on Black Hills Information Security, Inc.