W-PROTOTYPE-SERVERExecution

Server-Side Prototype Pollution → RCE

Polluting Object.prototype in Node lets you set unexpected child-process / spawn options leading to RCE.

§ Where this technique fits

W-PROTOTYPE-SERVER is catalogued under the Execution tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Server-side prototype pollution → auth bypass → RCE
Merge / clone helper on user input pollutes Object.prototype. A later code path reads `isAdmin` from a fresh object and gets true — then a child-process gadget reaches RCE.
step 2 / 5

§ What commonly comes next

01
Broken Function Level Authorization (API BFLA)
W-BFLA · Privilege Escalation
seen 1×
02
Command and Scripting Interpreter
T1059 · Execution
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Server-side prototype pollution → auth bypass → RCE

§ What commonly comes next