all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How to exploit an API using prototype pollution

Add to bookmarks
July 4, 2023, 4 p.m. | Dana Epp

Security Boulevard securityboulevard.com

Learn how to use server-side prototype pollution (SSPP) to abuse an API written in NodeJS for privilege escalation and remote code execution.


The post How to exploit an API using prototype pollution appeared first on Dana Epp's Blog.


The post How to exploit an API using prototype pollution appeared first on Security Boulevard.

abuse api api hacking techniques blog code code execution epp escalation exploit learn privilege privilege escalation prototype remote code remote code execution security server written

Visit resource

More from securityboulevard.com / Security Boulevard

USENIX Security ’23 – Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs 12 hours ago | securityboulevard.com
access authors bing bugs +16
The Real Risk is Not Knowing Your Real Risk: Perspectives from Asia Pacific Tour with … 1 day, 1 hour ago | securityboulevard.com
asia asia pacific balbix customer +15
DD2345 Military Critical Technical Data Agreement and CMMC 1 day, 2 hours ago | securityboulevard.com
agreement business can cmmc +9
Airsoft Data Breach Exposes Data of 75,000 Players 1 day, 3 hours ago | securityboulevard.com
airsoft attack surface authentication breach +31
Get SOAR Savvy Before RSAC 2024: 5 Reads to Level Up Your SOC 1 day, 4 hours ago | securityboulevard.com
and response automation check d3 security +24
Cloud Monitor Automation Thwarts Phishing & Malware Emails 1 day, 5 hours ago | securityboulevard.com
automation chief cloud cybersecurity +27
MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’ 1 day, 7 hours ago | securityboulevard.com
computing conference eve francisco +19
Palo Alto Networks Extends SASE Reach to Unmanaged Devices 1 day, 7 hours ago | securityboulevard.com
alto devices devops devsecops +20
USENIX Security ’23 – Cryptographic Deniability: A Multi-perspective Study of User Perceptions and Expectations 1 day, 8 hours ago | securityboulevard.com
access authors channel conference +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

DevSecOps Engineer

@ Material Bank | Remote
View on infosec-jobs.com

Instrumentation & Control Engineer - Cyber Security

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com

Security Consultant

@ Tenable | MD - Columbia - Headquarters
View on infosec-jobs.com

Management Consultant - Cybersecurity - Internship

@ Wavestone | Hong Kong, Hong Kong
View on infosec-jobs.com

TRANSCOM IGC - Cybersecurity Engineer

@ IT Partners, Inc | St. Louis, Missouri, United States
View on infosec-jobs.com

Manager, Security Operations Engineering (EMEA)

@ GitLab | Remote, EMEA
View on infosec-jobs.com
View more jobs