At its core, this is a prototype-pollution flaw—dangerous on its own—but in Elysia’s validation/merge logic, it becomes a stepping stone to full RCE under the server’s authority.
#PrototypePollution #WebSecurity #SupplyChainSecurity #BackendSecurity 🧵2/5
If I ever had to record a motivation video, this talk would be it 😅 Check it out and don't let "unexploitable" stop you! youtu.be/H-bhmSwnRdY
#defcon32 #bugbounty #rce #prototypepollution #nodejs #npm
🛠 Breaking out of isolated containers via RCE-by-design.
💥 Turning Prototype Pollution from "just a DoS" into full #RCE with new gadgets in #Nodejs and #NPM packages.
🧩 Combining an "unexploitable" highly-restricted #PrototypePollution with a fixed one to achieve RCE.