What is a Prototype?

A prototype is a mechanism in JavaScript used to inherit properties and methods from one object to another.

What is Prototype Pollution?

Prototype pollution is a JavaScript vulnerability that lets an attacker add arbitrary properties to a shared prototype such as Object.prototype. Because every object that inherits from that prototype then exposes those properties, the injected values can be abused to perform malicious actions.

Impact of Prototype Pollution

  1. Client-side: Can lead to DOM-based XSS (Cross-Site Scripting)
  2. Server-side: Can lead to Remote Code Execution (RCE) or privilege escalation

How to Prevent Prototype Pollution
Checklist to Test for Prototype Pollution in Client-Side JavaScript

To exploit this vulnerability, you typically need:

  1. Source: Any input that can be used to inject properties into Object.prototype.
  2. Sink: A JavaScript function or DOM element where the payload can be executed.
  3. Exploit Gadget: Code that allows payloads to be injected without sanitization or filtering.
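As an added example (not code from the original post), the source-to-prototype path described above in miniature: a naive recursive merge that pollutes Object.prototype from a constructed JSON input, beside a hardened merge that drops the `__proto__`, `constructor` and `prototype` keys, plus a check a defender can use to confirm whether a fresh object inherits the injected property. The function names, `SAMPLE_INPUT` and the `isAdmin` property are assumptions for illustration.

```javascript
// Vulnerable: a naive recursive merge copies every key of `src`, including
// "__proto__"; target["__proto__"] resolves to Object.prototype, which then
// becomes the next merge target, so the nested keys land on the prototype.
function unsafeMerge(target, src) {
  for (const key in src) {
    const value = src[key];
    if (typeof value === "object" && value !== null) {
      if (typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: iterate own keys only, drop the three keys that reach a
// prototype, and only recurse into targets that are own plain objects.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = src[key];
    if (typeof value === "object" && value !== null) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample input shaped like a parsed JSON request body: one
// legitimate key plus a "__proto__" key, which JSON.parse keeps as an own key.
const SAMPLE_INPUT = '{"theme": "dark", "__proto__": {"isAdmin": true}}';

// Runs one merge, checks whether a brand-new object now inherits "isAdmin"
// (the pollution test), then removes any pollution so runs stay independent.
function demo(mergeFn) {
  const config = mergeFn({}, JSON.parse(SAMPLE_INPUT));
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  return { polluted, ownKeys: Object.keys(config) };
}
```

`demo(unsafeMerge).polluted` is `true` while `demo(safeMerge).polluted` is `false`, and both keep the legitimate `theme` key; the same "does `{}` inherit the property?" check is a cheap way to confirm pollution in a test suite.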