Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JavaScript object prototype Poisoning

Tags:

I was trying to learn how object.prototype function in javascript then I came across this snippet of code .which I don't understand?

// Poisoning Object.prototype
Object.prototype.bar = 1;
var foo = {goo: undefined};

foo.bar; // 1
'bar' in foo; // true

foo.hasOwnProperty('bar'); // false
foo.hasOwnProperty('goo'); // true

foo has the property bar which is defined in the line number 3 and having the value of undefined .Please guide then why foo.hasOwnProperty('bar') returns false in this case

like image 658
ankyAS Avatar asked Aug 02 '16 06:08

ankyAS

People also ask

What is prototype poisoning?

Prototype Pollution is a vulnerability that allows attackers to exploit the rules of the JavaScript programming language, by injecting properties into existing JavaScript language construct prototypes, such as Objects to compromise applications in various ways. JavaScript allows all Object attributes to be altered.

What is an example of prototype pollution?

A prototype pollution exploitation starts when threat actors inject a payload into an input, like a URL, that builds the client-side logic or application rendering. For example, a URL parser can assign JavaScript objects properties without verifying if the target property is linked correctly to the Object prototype.

What is one method for stopping exploitations of an Object and preventing prototype pollution?

Freeze the Object.prototype freeze() method could freeze an object so that the object is no longer able to be modified.

How do you inject AST?

Collect 5 cm3 of blood in a plain (red top) vacutainer. Centrifuge at 3000 r.p.m. for 10 min. Use a 5 cm3 syringe and separate serum, and inject 2.5 ml of the serum deep intramuscularly into the gluteus muscle with a 22 no needle. Repeat the procedure for 8 weeks; later, fortnightly injections are advised.

1 Answers

All objects in JavaScript are descended from Object. all objects inherit methods and properties from Object.prototype.

In your example when you try to get the foo.bar, it doesn't find bar in the foo, so it is going to the prototype of the foo and tries to find it there.

hasOwnProperty - only checks a property which is exactly in the your foo.

Here is what your foo looks like

enter image description here

For deep understanding you can read this chapter.

You Don't Know JS

like image 129
Suren Srapyan Avatar answered Sep 28 '22 03:09

Suren Srapyan
Sign in to Comment

Related questions

How to traverse all files, and support pause and continue
Rearrange Code shortcut in Resharper doesn't work in VS2015
Set a check constraint for text array in Postgresql
Output iterator adapter to count but not copy
Using ElasticSearch's script_upsert to create a document
Android - Seekbar with text following
How to prevent confidential data from being included in WebPack bundles
Go - append to slice on struct does not persist
Apply condition on pandas columns to create a boolen indexing array
How/Where asp.net mvc handle decoding and of the action methods parameters
Why does apply(x, 1, paste0(collapse="") leave white space between positive values?
How to pass and remove a selected options value

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!