Exploit hoek
In lab directory, there is a package.json file. It installs an outdated version of hoek.Lets try to exploit the prototype pollution in it. Open the hoek.js file, with the following command: `nano hoek.js
The Hoek_merge method is vulnerable to prototype pollution. It means that if an object is passed to it as a second argument, it will overwrite properties on the object passed as first argument recursively.
By abusing the “proto” property on JavaScript object, try to overwrite the value of a.hasOwnProperty by just changing the value of the malicious_payload string.The new value of a.hasOwnProperty should be true.To modify the script run the following commands:
const malicious_payload= '{ "__proto__": { "hasOwnProperty": true } }';
To execute the script, enter the following command: `node hoek.js
Exploit lodash
Now let’s do the same thing in lodash.js: `nano lodash.js
Here, we won’t abuse the “proto”.This version of lodash is vulnerable but through another path.We will try to make the second console log print true.To do this, enter the following commands: `const malicious_payload = { hasOwnProperty: true };
And change the _.merge{} line with the following line: `Map.prototype.hasOwnProperty = malicious_payload.hasOwnProperty;
Run the command to execute the script: `node lodash.js