https://dreamhack.io/wargame/challenges/643/
filestorage라는 재밌는 문제를 접하게 되어 pp를 공부하게 되었다.
아래 링크는 pp에 대한 자세한 내용이 나와있다.
https://learn.snyk.io/lessons/prototype-pollution/javascript/
https://blog.coderifleman.com/2019/07/19/prototype-pollution-attacks-in-nodejs/
https://github.com/HoLyVieR/prototype-pollution-nsec18
https://www.youtube.com/watch?v=LUsiFV3dsK8&ab_channel=NorthSec
요약
const obj1 = {};
console.log(obj1.__proto__ === Object.prototype); // true
obj1.__proto__.polluted = 1;
const obj2 = {};
console.log(obj2.polluted); // 1
til' CTF WIN