SKILL: Prototype Pollution Advanced — RCE & Gadget Exploitation

AI LOAD INSTRUCTION: Advanced prototype pollution escalation. Covers server-side RCE via template engines (EJS, Pug, Handlebars), Node.js child_process gadgets, client-side script gadgets, filter bypass patterns, and systematic detection. Load ../prototype-pollution/SKILL.md first for fundamentals (merge sinks, __proto__ vs constructor.prototype, basic probes).

0. RELATED ROUTING

prototype-pollution — LOAD FIRST for PP fundamentals, merge-sink detection, basic probes
ssti-server-side-template-injection — template engine RCE context (PP often triggers through template gadgets)
xss-cross-site-scripting — client-side PP gadgets ultimately achieve XSS

Advanced Reference

Load KNOWN_GADGETS.md for the comprehensive gadget table by framework/library with polluted properties, trigger conditions, impact, and affected versions.

prototype-pollution-advanced

SKILL: Prototype Pollution Advanced — RCE & Gadget Exploitation

0. RELATED ROUTING

Advanced Reference

1. SERVER-SIDE PP → RCE

1.1 Node.js child_process.spawn — Shell/ENV Injection

More from yaklang/hack-skills

hack

xss-cross-site-scripting

sqli-sql-injection

api-sec

ssrf-server-side-request-forgery

api-auth-and-jwt-abuse