Explore the critical security implications of Prototype Pollution vulnerabilities in JavaScript applications through this 40-minute Black Hat conference talk. Delve into how these vulnerabilities can be exploited beyond simple denial of service attacks, potentially leading to remote code execution. Discover the prevalence of exploitable gadgets in Node.js core code and popular NPM packages that can be triggered by Prototype Pollution. Learn about the research conducted by Mikhail Shcherbakov, analyzing Node.js source code for these dangerous gadgets and understanding the increased risk of exploitation in various applications. Gain valuable insights into this often underestimated security threat and its potential for severe consequences in JavaScript ecosystems.
Overview
Syllabus
Prototype Pollution Leads to RCE: Gadgets Everywhere
Taught by
Black Hat