Bypass __proto__ string match defense

Some applications protect against prototype pollution by matching the string "__proto__". We can bypass that.
Created by: vitorfhc
Created on: Thursday, August 29, 2024 at 1:03:13 AM
Updated on: Thursday, April 10, 2025 at 2:10:54 PM
Vector type: JS
Vector charset: UTF-8
Template used:
s = "$[i]";
if (typeof s["$[chr]__proto__"] != "undefined") {
log(fromCodePoint($[i]));
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
s = "0";
if (typeof s["