GitBook: [master] one page modified

2021-06-01 19:26:19 +00:00 · 2021-06-01 19:26:19 +00:00 · c8d5002d7c
commit c8d5002d7c
parent 789afb4226
1 changed files with 5 additions and 0 deletions
--- a/pentesting-web/deserialization/nodejs-proto-prototype-pollution.md
+++ b/pentesting-web/deserialization/nodejs-proto-prototype-pollution.md
@ -514,6 +514,11 @@ requests.post(TARGET_URL + '/vulnerable', json = {
 requests.get(TARGET_URL)
 ```

+## Client-side prototype pollution to XSS
+
+* [https://portswigger.net/web-security/cross-site-scripting/cheat-sheet\#prototype-pollution](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution)
+* [https://github.com/BlackFan/client-side-prototype-pollution](https://github.com/BlackFan/client-side-prototype-pollution)
+
 ## What can I do to prevent?

 * Freeze properties with Object.freeze \(Object.prototype\)