Prototype Pollution is a vulnerability that allows attackers to exploit the rules of the JavaScript programming language by injecting properties into existing JavaScript language construct prototypes, such as Objects, to compromise applications in various ways.

In JavaScript, prototypes define an object’s structure and properties, so that the application knows how to deal with the data. When new objects are created, they carry over the properties and methods of the prototype “object”.

JavaScript allows all Object attributes to be altered. This includes their magical attributes such as `__proto__`, `constructor` and `prototype`. An attacker is able to manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain, resulting in either:

- Denial of Service – by triggering JavaScript exceptions.
- Remote Code Execution – by tampering with the application source code to force the code path that the attacker injects.