Imagine we have this website.

Open the debugger in the browser and look at the new prototype created for the search logger function.

Now let’s pollute the prototype:
<https://0afc002e04d2a5d5824e43ab008100c7.web-security-academy.net/?__proto__[evil]=test>

Notice that we polluted the objects.
Now let’s read the source code carefully.

Notice the transport_url property: if it is set, the code creates a script tag and uses the property's value as the script's source.
Now let’s exploit it:
<https://0a0600df046c733586671793009b00f9.web-security-academy.net/?__proto__[transport_url]=data:text/javascript,alert(%22Uzumaki%20Remo%22)>
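The chain above has two links that can each be fixed: the query-string parser that writes into `__proto__`, and the transport_url check that accepts an inherited value. The sketch below is an added example, not the lab's source code; `parseQuery`, `scriptSrcUnsafe`, `scriptSrcSafe` and the origin passed in are hypothetical names that show the pollutable pattern beside a hardened one.

```javascript
// Added example with constructed stand-ins; not the lab's own source code.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Split "a[b]=c" into a key path and a value: [["a", "b"], "c"].
function parsePairs(query) {
  return query.replace(/^\?/, "").split("&").filter(Boolean).map((pair) => {
    const eq = pair.indexOf("=");
    const key = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    const value = eq < 0 ? "" : decodeURIComponent(pair.slice(eq + 1));
    return [key.split(/[\[\]]+/).filter(Boolean), value];
  }).filter(([path]) => path.length > 0);
}

// Nested assignment. With safe=false this is the pollutable pattern:
// the key "__proto__" resolves to Object.prototype and gets written to.
function parseQuery(query, safe) {
  const make = () => (safe ? Object.create(null) : {});
  const out = make();
  for (const [path, value] of parsePairs(query)) {
    if (safe && path.some((k) => BLOCKED_KEYS.has(k))) continue;
    let node = out;
    for (const key of path.slice(0, -1)) {
      if (typeof node[key] !== "object" || node[key] === null) node[key] = make();
      node = node[key];
    }
    node[path[path.length - 1]] = value;
  }
  return out;
}

// Gadget as described above: any truthy transport_url becomes a script src.
function scriptSrcUnsafe(config) {
  return config.transport_url || null;
}

// Hardened gadget: own property only, and same-origin URLs only.
function scriptSrcSafe(config, origin) {
  if (!Object.prototype.hasOwnProperty.call(config, "transport_url")) return null;
  try {
    const url = new URL(config.transport_url, origin);
    return url.origin === origin ? url.href : null;
  } catch {
    return null;
  }
}
```

Either fix alone breaks the chain; applying both means a pollution source introduced elsewhere still cannot reach the script loader.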
