Prototype pollution (not to be confused with parameter pollution) is a little-known bug. Unlike SQL injection or XSS, prototype pollution is not well documented. In this blog let’s understand how to exploit this bug in the wild.

Image Credits: Portswigger

What is a prototype?

JavaScript is a prototype-based language. So, whenever we create a function using JavaScript, the JavaScript Engine adds a prototype property inside the function. The prototype property is basically an object (also known as…


In PHP, “==” is used to compare the values of two variables, but like much of PHP, the “==” comparison behaves in surprising ways. When comparing a string and an integer using “==”, PHP will try to convert the string to an integer and then do the comparison. Let’s see how we can exploit it.

Image credits: Google

Now imagine a website with a hardcoded password (not a good idea):

if($_POST['password'] == "password")

What if we provide 0 (an integer) as input? As the “password” string contains no number, the condition will return true:

“abc” == int(0)


You should die is a web challenge with 60 points,

Website:


PwnQL 1 and 2 are web challenges with points 50 and 75 respectively,

Website:


Wild Goose Hunt is a web-based challenge with the difficulty of 2 stars,


CAAS is a web-based challenge with a difficulty of two stars,


MiniSTRyplace is a web-based challenge with a difficulty of one star,

Let’s start by reading the source code from the folder provided,


RCE allows an attacker to execute code on a vulnerable machine and the CVSS severity level of RCE is critical (well what more do you need than that?)

Image Credits: Google

Note: Check out this blog for more PHP Pwning and to learn why PHP is targeted.

System:

<?php
// Deliberately vulnerable: the attacker-controlled "cmd" parameter is passed straight to system()
$cmd = $_GET['cmd'];
system($cmd); ?>

http://www.example.com/?cmd=command

The PHP documentation warns developers not to use it without an input sanitization function.


Challenges: Sessions, Dababy web

1. Sessions:


I used to think that if a device is not exposed to the public internet, it is safe, because bad actors cannot access it as it has NAT (Network Address Translation) and a firewall in front of it. Well, let us uncover the truth.

Note: A bit about me: I have been hacking for a while now and have gained some good knowledge in web security. To feed my curiosity I have decided to read all the nominated web techniques by Portswigger. This blog series will contain my takeaways from my learning.
https://portswigger.net/research/top-10-web-hacking-techniques-of-2020

This blog is not intended for complete…

Mudhalai Mr

AKA Gowtham, student at SASTRA Deemed University, core team member of DSC SASTRA
