Prototype Pollution Lab

Navigate to

http://ctf.m3.wtf/pplab1.html?__proto__[custom]=polluted

and check whether the custom property is set.

You can run console.log({}.custom); in the browser console for this, or you can simply enter custom in the dev tools.

This shows that even when an attack such as XSS cannot be achieved directly, the prototype is still polluted.

The code snippet used in this lab is below.

<script src="https://cdnjs.cloudflare.com/ajax/libs/can.js/6.6.0/core.min.js"></script>
<script>
  // Parse the query string (minus the leading "?") into an object.
  can.deparam(location.search.slice(1))
</script>
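
To show why a single query-string parse is enough to pollute the prototype, here is an added example (not code from the lab or from can.js). naiveDeparam is a simplified stand-in for a bracket-notation parser and safeDeparam is one hardened form; both function names and the user[name]=alice parameter are assumptions made for illustration.

```javascript
// Added illustration: naiveDeparam is a simplified stand-in, not can.js source.
const BLOCKED = new Set(["__proto__", "constructor", "prototype"]);

// Split "a[b][c]" into ["a", "b", "c"].
const keyPath = (rawKey) => rawKey.split(/[\[\]]+/).filter((p) => p !== "");

// Vulnerable pattern: plain property access while walking the key path, so
// "__proto__" resolves to Object.prototype and the final write lands there.
function naiveDeparam(query) {
  const out = {};
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const path = keyPath(rawKey);
    let node = out;
    path.forEach((part, i) => {
      if (i === path.length - 1) node[part] = value;
      else node = node[part] ?? (node[part] = {});
    });
  }
  return out;
}

// Hardened form: reject dangerous key segments and build on null-prototype
// objects, so lookups never reach Object.prototype.
function safeDeparam(query) {
  const out = Object.create(null);
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const path = keyPath(rawKey);
    if (path.some((part) => BLOCKED.has(part))) continue; // drop the parameter
    let node = out;
    path.forEach((part, i) => {
      const next = node[part];
      if (i === path.length - 1) node[part] = value;
      else node = next !== null && typeof next === "object" ? next : (node[part] = Object.create(null));
    });
  }
  return out;
}

// Run the lab's query string (plus a constructed benign parameter) through both.
function demo() {
  naiveDeparam("__proto__[custom]=polluted");
  const naivePolluted = {}.custom; // inherited by a fresh object
  delete Object.prototype.custom; // reset before testing the hardened parser
  const parsed = safeDeparam("__proto__[custom]=polluted&user[name]=alice");
  return { naivePolluted, safePolluted: {}.custom, parsed };
}

console.log(demo());
```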

Writeup & Vulnerable Code Snippet