@yjaaidi
Created October 2, 2019 13:24
Prototype pollution example
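// Two unrelated user objects; neither defines `admin`.
const u1 = {firstName: 'Foo'}
const u2 = {firstName: 'John'}

// Untrusted input (e.g. a request body): JSON.parse creates an own property
// literally named "__proto__" instead of setting the prototype.
const body = JSON.parse('{"__proto__": {"admin": true}}')

// Deliberately vulnerable recursive merge.
function vulnerableExtend(dst, src) {
  Object.entries(src)
    .forEach(([k, v]) => {
      // `in` also matches inherited keys, so '__proto__' in dst is true and
      // the recursive call receives dst.__proto__, i.e. Object.prototype.
      if (k in dst) {
        vulnerableExtend(dst[k], src[k]);
      } else {
        // On the recursive call this writes `admin` onto Object.prototype.
        dst[k] = src[k];
      }
    })
}

console.log(u1.admin) // undefined
console.log(u2.admin) // undefined

vulnerableExtend(u1, body);

console.log(u1.admin) // true
console.log(u2.admin) // true: u2 was never merged, it inherits from the polluted Object.prototype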
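
A hardened counterpart to `vulnerableExtend`, added here as an example and not part of the original gist. The names `safeExtend`, `isPlainObject`, `FORBIDDEN_KEYS` and `demo` are hypothetical, and the sample `body` is constructed.

```javascript
// Keys that can lead a merge from an object to a prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// True only for {} / Object.create(null) style objects (not arrays, Dates, class instances).
function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

function safeExtend(dst, src) {
  for (const [k, v] of Object.entries(src)) {
    // 1. Never follow or assign prototype-reaching keys.
    if (FORBIDDEN_KEYS.has(k)) continue;
    // 2. Recurse only into OWN plain-object properties, never inherited ones
    //    (this replaces the `k in dst` test of the vulnerable version).
    const ownPlain = Object.prototype.hasOwnProperty.call(dst, k) && isPlainObject(dst[k]);
    if (isPlainObject(v) && ownPlain) {
      safeExtend(dst[k], v);
    } else {
      // 3. Copy nested plain objects through the same filter instead of aliasing them.
      dst[k] = isPlainObject(v) ? safeExtend({}, v) : v;
    }
  }
  return dst;
}

// Constructed input: one top-level and one nested pollution attempt plus legitimate fields.
function demo() {
  const u1 = {firstName: 'Foo', prefs: {theme: 'dark'}};
  const u2 = {firstName: 'John'};
  const body = JSON.parse(
    '{"__proto__": {"admin": true}, "firstName": "Bar",' +
    ' "prefs": {"lang": "en", "constructor": {"prototype": {"admin": true}}}}'
  );
  safeExtend(u1, body);
  return {
    u1,
    u2Admin: u2.admin,
    polluted: Object.prototype.hasOwnProperty.call(Object.prototype, 'admin'),
  };
}

console.log(demo());
```

Arrays and other non-plain values are assigned by reference here; the legitimate fields still merge while both pollution attempts are dropped.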