back
loading skill details...
>-
SKILL: Prototype Pollution Advanced — RCE & Gadget Exploitation AI LOAD INSTRUCTION: Advanced prototype pollution escalation. Covers server-side RCE via template engines (EJS, Pug, Handlebars), Node.js child_process gadgets, client-side script gadgets, filter bypass patterns, and systematic detection. Load ../prototype-pollution/SKILL.md first for fundamentals (merge sinks, __proto__ vs constructor.prototype, basic probes). 0. RELATED ROUTING prototype-pollution — LOAD FIRST for PP fundamentals, merge-sink detection, basic probes ssti-server-side-template-injection — template engine RCE context (PP often triggers through template gadgets) xss-cross-site-scripting — client-side PP gadgets ultimately achieve XSS Advanced Reference Load KNOWN_GADGETS.md for the comprehensive gadget table by framework/library with polluted properties, trigger conditions, impact, and affected versions. 1. SERVER-SIDE PP → RCE 1.1 Node.js child_process.spawn — Shell/ENV Injection
don't have the plugin yet? install it then click "run inline in claude" again.