Prototype Pollution Exploits

Intro

This repository is a collection of exploits for Prototype Pollution vulnerability. If you're not familiar with the Prototype Pollution vulnerability, please have a look at another one of my repositories https://github.com/Kirill89/prototype-pollution-explained.

The goal of this project is not to collect every possible Prototype Pollution exploit, rather collect exploits for popular packages and in all possible variations – build a dataset for future Prototype Pollution research.

Structure

Exploits are stored in separate JS files, e.g. <package_name>/<method_name>/<payload_type>.js.

Additionally, each package folder has an MD file with exploits and list of vulnerable versions.

Exploits

Utility libraries
- lodash
- set-value
- dot-prop
- merge
- deepmerge
- merge-deep
- object-path
- extend
- just-safe-set
- dset
Parsers
- yargs-parser
- minimist
- ini
- open-graph
Databases
- nedb
Server
- express-fileupload

Contributions

Feel free to open pull requests and add more exploits.

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
deepmerge		deepmerge
dot-prop		dot-prop
dset		dset
express-fileupload		express-fileupload
extend		extend
ini		ini
just-safe-set		just-safe-set
lodash		lodash
merge-deep		merge-deep
merge		merge
minimist		minimist
nedb		nedb
object-path		object-path
open-graph		open-graph
set-value		set-value
yargs-parser		yargs-parser
.gitignore		.gitignore
README.md		README.md
exception-handler.js		exception-handler.js
make-md.sh		make-md.sh
run-all.sh		run-all.sh

Kirill89/prototype-pollution-exploits

Folders and files

Latest commit

History

Repository files navigation

Prototype Pollution Exploits

Intro

Structure

Exploits

Contributions

About

Resources

Stars

Watchers

Forks

Languages