prototype-pollution

SKILL.md

SKILL: Prototype Pollution — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert prototype pollution for client and server JS. Covers __proto__ vs constructor.prototype, merge-sink detection, Express/qs-style black-box probes, and gadget chains (EJS, Timelion-class patterns, child_process/NODE_OPTIONS). Assumes you know object spread and prototype inheritance — focus is on parser behavior and post-pollution sinks.

Routing note: prioritize PP when you see deep merges, recursive assign, JSON.parse followed by Object.assign, or URL queries converted to nested objects.

0. QUICK START

Client-side first probes

#__proto__[polluted]=1
#__proto__[polluted]=polluted
#constructor[prototype][polluted]=1

When input can be reflected into the DOM or framework routing, pair the probes with alert(1) / console checks to observe whether global object properties were polluted.
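The parsing pattern these probes exercise, shown as a weak form next to a hardened one. This is an added example, not code from the skill file or from any real library; `parseHash`, `prototypeHas`, `check` and the other names are hypothetical, and the parser is a constructed stand-in for any code that turns bracketed keys into nested objects.

```javascript
// Added example: constructed parsers, not taken from any real library.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
const PROBES = [ // the three probe strings listed in this section
  '#__proto__[polluted]=1',
  '#__proto__[polluted]=polluted',
  '#constructor[prototype][polluted]=1',
];

// Split "a[b][c]=v" into its key path and value.
function splitPair(pair) {
  const eq = pair.indexOf('=');
  const rawKey = decodeURIComponent(eq === -1 ? pair : pair.slice(0, eq));
  const value = eq === -1 ? '' : decodeURIComponent(pair.slice(eq + 1));
  return { keys: rawKey.split(/[\[\]]+/).filter(Boolean), value };
}

// Shared walker; `guard` selects the weak or the hardened behaviour.
function parseHash(hash, guard) {
  const out = guard ? Object.create(null) : {};
  for (const pair of hash.replace(/^#/, '').split('&').filter(Boolean)) {
    const { keys, value } = splitPair(pair);
    if (guard && keys.some((k) => BLOCKED.has(k))) continue; // drop the pair
    let node = out;
    keys.forEach((k, i) => {
      if (i === keys.length - 1) { node[k] = value; return; }
      const own = Object.prototype.hasOwnProperty.call(node, k);
      // Weak form follows inherited values such as node.__proto__.
      if ((guard && !own) || Object(node[k]) !== node[k]) {
        node[k] = guard ? Object.create(null) : {};
      }
      node = node[k];
    });
  }
  return out;
}
const parseHashUnsafe = (h) => parseHash(h, false);
const parseHashSafe = (h) => parseHash(h, true);

// True when `name` sits on Object.prototype, so every plain object inherits it.
const prototypeHas = (name) =>
  Object.prototype.hasOwnProperty.call(Object.prototype, name);

// Run each probe through a parser, record the outcome, then clean up.
function check(parser) {
  return PROBES.map((p) => {
    parser(p);
    const hit = prototypeHas('polluted');
    delete Object.prototype.polluted;
    return hit;
  });
}
console.log('unsafe:', check(parseHashUnsafe)); // [ true, true, true ]
console.log('safe:  ', check(parseHashSafe));   // [ false, false, false ]
```

The hardened form combines two controls: a key denylist that rejects the whole pair, and null-prototype containers so that no inherited property can be walked into.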

Installs: 481
GitHub Stars: 620
First Seen: Apr 9, 2026