DEV Community

Exploits Ep - 1: From Prototype Pollution to a 100% Discount

Adnan Hashmi on August 03, 2024

Imagine this: You're browsing your favourite online shop, adding those must-have items to your cart, when suddenly, a hacker decides to crash your ...
shivam singh

Okay this is what I call quality content🔥

Adnan Hashmi

Thank you :)
Glad you liked it

Jayant Bhawal

Crazy that libs like jquery and lodash had been affected by it!

Could functional style of programming limit the existence of this vuln?

Adnan Hashmi

Huh! A good food for thought.
Maybe a topic for another blog. 😉

Shivam Chhuneja

Always 50% off sale going on?

Bhaskar Ghale

Has this ever been an IRL concern outside some reported vulns?

Adnan Hashmi

Of course it is. Prototype pollution can lead to more severe attacks like XSS, RCE, bypassing authentication, request forgery and the list goes on. And prototype pollution is very easy to exploit as we saw in this blog. :)

Samad Yar Khan

Didn't know about this. Brilliant!

Adnan Hashmi

The more you know :)

Tauqeer Ahmad

Now, this is cool!

Adnan Hashmi

Thank you :)

jhewt

That's great if you want to have a rock-solid frontend, free of probable scams or phishing using this, but I'd add a clarification that this will never work if there are server-side checks on all items, discount codes and prices... no one in their right mind would trust a price value coming from the frontend.

Vipin Chaudhary

What an Amazing read brother 🔥
Waiting for next one