Original Post: Server-Side Prototype Pollution Scanner | Blog
The post by Gareth Heyes, published on March 13, 2023, provides detailed instructions on using the Server-Side Prototype Pollution Scanner, an automated open-source tool integrated with Burp Suite to detect server-side prototype pollution vulnerabilities. The article explains how to install the scanner from the Burp Suite BApp Store and how to use it to exploit a vulnerability in a Web Security Academy lab. The steps include launching the lab, mapping the target, scanning for prototype pollution, and checking the results. The tutorial then details exploiting the detected vulnerability to escalate privileges, demonstrating how to manipulate the isAdmin property to gain administrative access. The post concludes by encouraging readers to apply these techniques to other applications and offers additional resources for further learning on server-side prototype pollution.
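As an added illustration, not code from the post or from the scanner, the following shows the root cause the scanner looks for: a recursive merge of untrusted JSON that follows a "__proto__" key into Object.prototype, so an injected isAdmin value surfaces on unrelated objects. A hardened merge sits beside it; all function names and the sample payload are hypothetical.

```javascript
// Added example, not from the original post or the scanner. Function names
// are hypothetical. Vulnerable recursive merge beside a hardened one.

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: every key from untrusted JSON is copied, so a "__proto__" key
// walks into Object.prototype and pollutes every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: prototype-walking keys are dropped, and recursion only enters
// properties the target itself owns, never inherited ones.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Models the request the scanner probes: a user record is updated from a
// JSON body, then an unrelated object created afterwards is inspected.
// Returns true when that fresh object inherits isAdmin, i.e. pollution hit.
function pollutesIsAdmin(mergeFn, jsonBody) {
  const user = { name: 'alice', isAdmin: false };   // constructed record
  mergeFn(user, JSON.parse(jsonBody));
  const session = {};                     // e.g. a later request's context
  const polluted = session.isAdmin === true;
  delete Object.prototype.isAdmin;        // undo so the process stays clean
  return polluted;
}
```

Note that the user's own isAdmin stays false; the escalation comes from objects that never set the property and so read it from the polluted prototype.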