Prototype pollution example

prototype-pollution.js

const u1 = {firstName: 'Foo'}
const u2 = {firstName: 'John'}

const body = JSON.parse('{"__proto__": {"admin": true}}')

function vulnerableExtend(dst, src) {
  Object.entries(src)
    .forEach(([k, v]) => {
      if (k in dst) {
        vulnerableExtend(dst[k], src[k]);
      } else {
        dst[k] = src[k];
      }
    })
}

console.log(u1.admin)
console.log(u2.admin)

vulnerableExtend(u1, body);

console.log(u1.admin)
console.log(u2.admin)