all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploiting prototype pollution in Node without the filesystem

Add to bookmarks
March 23, 2023, 3 p.m. |

PortSwigger Research portswigger.net

In this post, we'll introduce a new exploitation technique for Server-Side Prototype Pollution. If you've detected SSPP (maybe using one of our black-box techniques), the next step towards RCE is to f

box exploitation exploiting filesystem node prototype rce server techniques

Visit resource

More from portswigger.net / PortSwigger Research

Refining your HTTP perspective, with bambdas 3 days, 23 hours ago | portswigger.net
clue cors headers http +9
Introducing SignSaboteur: forge signed web tokens with ease 1 week, 3 days ago | portswigger.net
authentication authorization beyond depth +9
Making Desync attacks easy with TRACE 2 months, 1 week ago | portswigger.net
attacks can constraints easy +8
Using form hijacking to bypass CSP 2 months, 3 weeks ago | portswigger.net
bypass can configuration csp +6
Top 10 web hacking techniques of 2023 3 months, 1 week ago | portswigger.net
community hacking identify research +7
Hiding payloads in Java source code strings 4 months, 1 week ago | portswigger.net
abuse can code conceal +5
Top 10 web hacking techniques of 2023 - nominations open 4 months, 3 weeks ago | portswigger.net
blog blog posts community hacking +8
Finding that one weird endpoint, with Bambdas 5 months, 2 weeks ago | portswigger.net
act balancing act concepts endpoint +6
Blind CSS Exfiltration: exfiltrate unknown web pages 5 months, 3 weeks ago | portswigger.net
css discover exfiltration gif +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com