Episode 26: Client-side Quirks & Browser Hacks
Critical Thinking - Bug Bounty Podcast
00:00
How to Scan for Prototype Pollution
Garrett: Prototype pollution is a bug that I just kind of thought was like researchy, you know, like it's everywhere. And again, I think this is one of those, those artifacts of like legacy support where they're now in a place where if they were to change how that endpoint works for like a JSON PM endpoint, then stuff that's using it in the past may break because they're using it incorrectly. So now it's like vulnerable by design, but they can't fix it. Because they can't migrate people away from itBecause it's like hard coded and other websites using a semicolon in theirJSON back. If they engineered it like that, their site
Transcript
Play full episode
