Problem statement:
- the application takes user input as a string that is dynamically evaluated on the server side
- if such input is unsanitized, it can open the door to a wide range of vulnerabilities
- some are exploited on the client side, others on the server side; this thesis would focus on the latter
Long thesis version:
1. Server side - detection
- Checking for source code vulnerabilities in a systematic or automated way
- Identifying sinks (possible points of vulnerability where untrusted input reaches a dangerous operation)
2. Exploitation
- Prototype pollution
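Worked example for the detection and exploitation items above (added here as an illustration; this is not code from the thesis notes or from any of the linked pages). It shows the server-side pattern from the problem statement: a request body is parsed and merged into a settings object. `unsafeMerge` is the vulnerable recursive merge, `safeMerge` the hardened one, and `pollutedKeys` is a runtime check a defender can run. The function names, the settings endpoint scenario and the request body are all constructed for this example.

```javascript
// Vulnerable: copies every key of `source` into `target`, recursing into
// nested objects. A key literally named "__proto__" makes the recursion
// descend into Object.prototype, so attacker-controlled JSON can add
// properties that every object in the process then inherits.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === undefined) target[key] = {};
      unsafeMerge(target[key], value); // target["__proto__"] is Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: only own keys of `source` are considered, the keys that can
// reach a prototype are rejected, and recursion only descends into a
// nested object that `target` itself owns (never into an inherited one).
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue; // or throw, depending on policy
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const ownNested = Object.prototype.hasOwnProperty.call(target, key) &&
        target[key] !== null && typeof target[key] === 'object';
      if (!ownNested) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runtime detection: every built-in property of Object.prototype is
// non-enumerable, so any enumerable own key on it is a foreign addition.
function pollutedKeys() {
  return Object.keys(Object.prototype);
}

// Constructed request body for a hypothetical "update my settings" endpoint.
// JSON.parse creates an *own* property named "__proto__" (the setter is not
// invoked), which is exactly what the unsafe merge then follows.
const CONSTRUCTED_BODY = '{"theme":"dark","__proto__":{"isAdmin":true}}';

// Runs one merge implementation against the constructed body and reports
// whether an unrelated, freshly created object was affected.
function demonstrate(mergeFn) {
  const settings = {};
  mergeFn(settings, JSON.parse(CONSTRUCTED_BODY));
  const unrelated = {};
  const result = {
    theme: settings.theme,
    polluted: unrelated.isAdmin === true,
    pollutedKeys: pollutedKeys(),
  };
  // Restore the prototype so the next run starts from a clean state.
  delete Object.prototype.isAdmin;
  return result;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafeMerge:', demonstrate(unsafeMerge)); // polluted: true
  console.log('safeMerge:  ', demonstrate(safeMerge));   // polluted: false
}
```

Beyond fixing the merge itself, the usual defence-in-depth options are to freeze the prototype at startup (`Object.freeze(Object.prototype)`) or to start Node with `--disable-proto=delete` or `--disable-proto=throw`, and to parse untrusted JSON into null-prototype objects (`Object.create(null)`) where the schema allows it; the `pollutedKeys` check is cheap enough to run in a health endpoint or a test suite as a detection signal.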
Option for a short thesis:
- Choose either detection or exploitation
Read more on JavaScript and prototype pollution:
- https://www.youtube.com/watch?v=IIwgeZgZFBo
- https://crashtest-security.com/javascript-vulnerabilities/
- https://portswigger.net/daily-swig/prototype-pollution-the-dangerous-and-underrated-vulnerability-impacting-javascript-applications