Skip to main content

Object Injection

Attack

  • __proto__.XX
  • constructor
  • hasOwnProperty
  • Insecure object comparison:
const token = req.cookie.token

// Vulnerability:
// SESSIONS[constructor] => `true`
if (token && SESSIONS[token])
  next()

Protection

  • crypto.timingSafeEqual
  • object.hasOwnProperty(token)