Bypass __proto__ string match defense

Chrome logo 1

Some applications protect against prototype pollution by matching the string "__proto__". We can bypass that.

Created by: vitorfhc

Created on: Thursday, August 29, 2024 at 1:03:13 AM

Updated on: Tuesday, December 17, 2024 at 6:01:15 PM

Vector type: JS

Vector charset: UTF-8

Template used:
s = "$[i]";
if (typeof s["$[chr]__proto__"] != "undefined") {
    log(fromCodePoint($[i]));
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

s = "0";
if (typeof s["__proto__"] != "undefined") {
    alert(fromCodePoint(0));
}

Fuzz results

Chrome logo
Chrome 128.0.0.0 desktop macOS 10.15.7

Updated

Thu Aug 29 2024
Found 1 result
Loading...