ProtoType-Pollution

Reference

• https://blog.s1r1us.ninja/research/PP
• https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/
• https://www.netspi.com/blog/technical-blog/web-application-pentesting/ultimate-guide-to-prototype-pollution/
• https://www.tenable.com/blog/identifying-prototype-pollution-vulnerabilities-using-tenable-io-web-application-scanning
• https://github.com/BlackFan/client-side-prototype-pollution
• https://blog.huli.tw/2022/05/02/en/intigriti-revenge-challenge-author-writeup/
• https://www.cobalt.io/blog/a-pentesters-guide-to-prototype-pollution-attacks
• https://learn.snyk.io/lesson/prototype-pollution/
• https://www.vaadata.com/blog/what-is-prototype-pollution-exploitations-and-security-tips/
• https://brightsec.com/blog/prototype-pollution/
• https://www.intruder.io/research/server-side-prototype-pollution
• https://blog.doyensec.com/2024/02/17/server-side-prototype-pollution-Gadgets-scanner.html
• https://yinzhicao.org/ProbetheProto/ProbetheProto.pdf
• https://www.sonarsource.com/blog/blitzjs-prototype-pollution/
• https://fast-check.dev/blog/2023/09/21/detect-prototype-pollution-automatically/
• https://labs.detectify.com/security-guidance/what-is-a-prototype-pollution-vulnerability-and-how-does-page-fetch-help/
• https://dl.acm.org/doi/pdf/10.1145/3468264.3468542
• https://github.com/dottif/prototype-pollution-static-analysis
• https://aszx87410.github.io/beyond-xss/en/ch3/prototype-pollution/
• https://www.synack.com/blog/persisting-through-a-client-side-prototype-pollution/
• https://www.politesi.polimi.it/retrieve/f8cc6d41-3524-4132-b4a2-4175290df14e/2022_04_Dotti.pdf
• https://hackmd.io/@meowhecker/SkSueJc22
• https://www.blackhillsinfosec.com/hit-the-ground-running-with-prototype-pollution/
• https://www.nodejs-security.com/blog/understanding-and-preventing-prototype-pollution-in-nodejs
• https://book.jorianwoltjer.com/languages/javascript/prototype-pollution
• https://blog.vidocsecurity.com/blog/beginners-guide-to-understanding-client-prototype-pollution/
• https://www.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers.html
• https://www.ndss-symposium.org/ndss-paper/auto-draft-207/
• https://labs.withsecure.com/publications/prototype-pollution-primer-for-pentesters-and-programmers
• https://www.wallarm.com/what/prototype-pollution
• https://www.scip.ch/en/?labs.20230119
• https://www.acunetix.com/vulnerabilities/web/prototype-pollution/
• https://swisskyrepo.github.io/PayloadsAllTheThings/Prototype%20Pollution/
• https://arxiv.org/html/2407.10812v1
• https://blog.huli.tw/2021/09/29/en/prototype-pollution/
• https://hackernoon.com/how-to-exploit-prototype-pollution
• https://www.veracode.com/blog/secure-development/yet-another-perspective-prototype-pollution
• https://tcm-sec.com/getting-started-with-prototype-pollution/
• https://news.ycombinator.com/item?id=26872281
• https://payatu.com/blog/prototype-pollution-vulnerabilities/
• https://alex-labs.com/understanding-and-mitigating-the-prototype-pollution-vulnerability/
• https://arxiv.org/pdf/2311.03919
• https://exploit-notes.hdks.org/exploit/web/security-risk/prototype-pollution-in-server-side/
• https://blog.abdulrah33m.com/prototype-pollution-in-python/
• https://www.usenix.org/system/files/sec23summer_432-shcherbakov-prepub.pdf
• https://gitnation.com/contents/prototype-pollution-in-javascript
• https://pt-br.tenable.com/blog/identifying-prototype-pollution-vulnerabilities-using-tenable-io-web-application-scanning
• https://www.dopethemes.com/understanding-javascript-prototype-pollution-and-how-to-prevent-it/
• https://people.kth.se/~musard/research/pubs/www24.pdf
• https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894
• https://www.websecuritylens.org/prototype-pollution-an-overlooked-application-security-hole/
• https://spyboy.blog/2024/09/23/understanding-and-preventing-javascript-prototype-pollution/
• https://notes.incendium.rocks/pentesting-notes/web/prototype-pollution
• https://tldrsec.com/p/tldr-sec-170
• https://kth.diva-portal.org/smash/get/diva2:1800437/FULLTEXT01.pdf
• https://x.com/TomNomNom/status/1402260932256993283
• file:///Users/amirrezafadaeizadehbidari/Downloads/Prototypepollution2024.pdf
• https://www.linkedin.com/pulse/exploiting-server-side-prototype-pollution-vulnerability-node-1f/
• https://webapp.tymyrddin.dev/docs/techniques/pollution
• https://exploit-notes.hdks.org/exploit/web/security-risk/prototype-pollution-in-client-side/
• https://www.researchgate.net/publication/354058044_Detecting_Nodejs_prototype_pollution_vulnerabilities_via_object_lookup_analysis
• https://huntr.com/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467
• https://news.ycombinator.com/item?id=21598127
• https://www.code-intelligence.com/blog/cve-protobufjs-prototype-pollution-cve-2023-36665
• https://www.jerkeby.se/newsletter/posts/prototype-poisoning/
• https://semgrep.dev/r?q=javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop
• https://openreview.net/forum?id=92H7Bxy8tV&referrer=%5Bthe%20profile%20of%20Cristian-Alexandru%20Staicu%5D(%2Fprofile%3Fid%3D~Cristian-Alexandru_Staicu2)
• https://ponyfoo.com/articles/how-to-avoid-objectprototype-pollution
• https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
• https://openreview.net/pdf?id=OO1T2D6cYA
• https://kth.diva-portal.org/smash/get/diva2:1799661/FULLTEXT01.pdf
• https://joaxcar.com/blog/2024/01/26/hunting-for-prototype-pollution-gadgets-in-jquery-intigriti-0124-challenge/
• https://ieeexplore.ieee.org/document/10646867