Explore the critical security implications of Prototype Pollution vulnerabilities in JavaScript applications through this 40-minute Black Hat conference talk. Delve into how these vulnerabilities can be exploited beyond simple denial of service attacks, potentially leading to remote code execution. Discover the prevalence of exploitable gadgets in Node.js core code and popular NPM packages that can be triggered by Prototype Pollution. Learn about the research conducted by Mikhail Shcherbakov, analyzing Node.js source code for these dangerous gadgets and understanding the increased risk of exploitation in various applications. Gain valuable insights into this often underestimated security threat and its potential for severe consequences in JavaScript ecosystems.
Prototype Pollution Leads to RCE - Gadgets Everywhere
Overview
Syllabus
Prototype Pollution Leads to RCE: Gadgets Everywhere
Taught by
Black Hat
Related Courses
-
Prototype Pollution Leading to Remote Code Execution in NodeJS
-
Using Chromedp to Hunt for Prototype Pollution
-
Server Side Prototype Pollution - Blackbox Detection Without The DoS
-
Prototype Pollution Attacks in NodeJS Applications
-
Server-Side Prototype Pollution: Detection and Exploitation Techniques - OWASP AppSec Dublin
-
Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana
