Explore a DEF CON 31 conference talk that delves into the critical security implications of Prototype Pollution vulnerabilities in JavaScript applications, focusing specifically on how they can lead to Remote Code Execution (RCE) in NodeJS. Learn how attackers can inject properties into object prototypes to alter program flow beyond simple denial of service attacks, with researchers discovering exploitable gadgets throughout Node.js core code and popular NPM packages. Understand the findings from an extensive analysis of 15 popular Node.js applications that revealed 8 RCE vulnerabilities, and discover how recent Node.js updates are addressing these security concerns. Master the technical details of detected gadgets and vulnerabilities while gaining insights into the broader implications for JavaScript application security.
Prototype Pollution Leading to Remote Code Execution in NodeJS
Overview
Syllabus
DEF CON 31 - Prototype Pollution Leads to Remote Code Execution in NodeJS - Shcherbakov, Balliu
Taught by
DEFCONConference
Related Courses
-
Prototype Pollution Leads to RCE - Gadgets Everywhere
-
JavaScript Security
-
OpenPrinting CUPS Remote Code Execution Exploit Chain: What You Should Know
-
CVE-2024-43491 Windows Update Remote Code Execution: What You Should Know
-
Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana
-
Prototype Pollution Attacks in NodeJS Applications
