Back to directory

WRITEUP #4154

Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge

OtherPrototype pollution

by@spaceraccoonsec(Eugene Lim)

Program

Node.js third-party modules

Published

Dec 23, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://spaceraccoon.dev/supply-chain-pollution-hunting-a-16-million-download-week-npm-package

▸ RELATED WRITEUPS

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Part 2: From Byovdll To Arbitrary Code Execution In Lsass

OtherUse-After-Free

Built with ❤️ by Shubham Rawat