Merge pull request #610 from Swiftrix/Swiftrix-patch-1
Update prototype-pollution-to-rce.md
This commit is contained in:
commit
b54069ccaf
@ -51,7 +51,7 @@ var proc = fork('a_file.js');
|
||||
|
||||
## PP2RCE via env vars
|
||||
|
||||
**PP2RCE** means **Prototype Pollution to RCE** (Remote Coxe Execution).
|
||||
**PP2RCE** means **Prototype Pollution to RCE** (Remote Code Execution).
|
||||
|
||||
According to this [**writeup**](https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/) when a **process is spawned** with some method from **`child_process`** (like `fork` or `spawn` or others) it calls the method `normalizeSpawnArguments` which a **prototype pollution gadget to create new env vars**:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user