all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Prototype Pollution Leads to RCE: Gadgets Everywhere

Add to bookmarks
Sept. 29, 2023, 7:05 p.m. | Black Hat

Black Hat www.youtube.com

Many have heard about Prototype Pollution vulnerabilities in JavaScript applications. This kind of vulnerability allows an attacker to inject properties into an object's root prototype that may lead to flow control alteration and unexpected program behavior. Every time a successful exploit looks like magic or is limited to a denial of service (DoS). Would you be surprised if I told you that every application has a chain of methods that can be triggered by Prototype Pollution and leads to arbitrary …

applications attacker control denial of service dos exploit flow gadgets inject javascript javascript applications magic may object pollution program prototype rce root service vulnerabilities vulnerability

Visit resource

More from www.youtube.com / Black Hat

Startup Spotlight Competition at Black Hat 2 days, 6 hours ago | www.youtube.com
bhusa blackhat cybersecurity infosec +1
Locknote: Conclusions and Key Takeaways from Day 2 3 weeks ago | www.youtube.com
black hat black hat europe board board members +15
Locknote: Conclusions and Key Takeaways from Day 1 3 weeks ago | www.youtube.com
black hat black hat europe board board members +16
Keynote: My Lessons from the Uber Case 3 weeks ago | www.youtube.com
addition best practices case convicted +16
Keynote: Industrialising Cyber Defence in an Asymmetric World 3 weeks, 1 day ago | www.youtube.com
adversaries challenge cyber cyber defence +10
The Black Hat Europe Network Operations Center (NOC) Report 3 weeks, 1 day ago | www.youtube.com
back black hat black hat europe center +14
My Invisible Adversary: Burnout 3 weeks, 5 days ago | www.youtube.com
adversary attackers attacks burnout +11
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 3 weeks, 5 days ago | www.youtube.com
analysis ask bad codeql +10
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 3 weeks, 6 days ago | www.youtube.com
attacks call cloudflare detection +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Security Engineer II- Full stack Java with React

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity SecOps

@ GFT Technologies | Mexico City, MX, 11850
View on infosec-jobs.com

Senior Information Security Advisor

@ Sun Life | Sun Life Toronto One York
View on infosec-jobs.com

Contract Special Security Officer (CSSO) - Top Secret Clearance

@ SpaceX | Hawthorne, CA
View on infosec-jobs.com

Early Career Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com
View more jobs