Prototype Pollution exploits collection

Overview

Prototype Pollution Exploits

Intro

This repository is a collection of exploits for the Prototype Pollution vulnerability. If you're not familiar with Prototype Pollution, please have a look at another of my repositories: https://github.com/Kirill89/prototype-pollution-explained.

The goal of this project is not to collect every possible Prototype Pollution exploit, but rather to collect exploits for popular packages in all possible variations, building a dataset for future Prototype Pollution research.

Structure

Exploits are stored in separate JS files, e.g. <package_name>/<method_name>/<payload_type>.js.

Additionally, each package folder has an MD file with exploits and a list of vulnerable versions.

Exploits

Contributions

Feel free to open pull requests and add more exploits.

Owner
Kirill