Burp Suite User Forum


JS Gadget

Antonin | Last updated: Jul 18, 2024 05:53AM UTC

Hi! I am having a hard time with the term Gadget. I don't understand what a gadget is, what it does. The more I see the term being used in the course, the more confused I become. The definition provided in the course goes like this:

> A gadget provides a means of turning the prototype pollution vulnerability into an actual exploit.

What is A MEANS? It's vague. Later on, one can read:

> A property cannot be a gadget.

So at least we know a prototype property is not a gadget. So what is it!?

More confusing, https://portswigger.net/web-security/prototype-pollution reads:

Successful exploitation of prototype pollution requires the following key components:

1. ...
2. ...
3. An exploitable gadget - This is any property that is passed into a sink without proper filtering or sanitization.

So a gadget is a property!? ????

Other examples of usage of the word in context:

> Once you identify that server-side prototype pollution is possible, you can then look for potential gadgets to use for an exploit.

Another example:

> If the website's developers haven't set a transport_url property on their config object, this is a potential gadget.

What in the world is a JS gadget?

Ben, PortSwigger Agent | Last updated: Jul 18, 2024 08:40AM UTC

Hi Antonin,

The following page provides a description of both gadgets and the use of gadget chains: https://portswigger.net/web-security/deserialization/exploiting#gadget-chains

Antonin | Last updated: Jul 23, 2024 04:12AM UTC

Hi Ben, this is perfect, thank you!
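An added illustration, not part of the thread or of PortSwigger's material: the `transport_url` case quoted in the question, showing that the same property read acts as a gadget only when the config object lacks its own `transport_url`, and two defensive reads that ignore inherited values. Every name except `transport_url` is hypothetical, the URLs are constructed, and the pollution is simulated locally and undone afterwards.

```javascript
const DEFAULT_URL = '/static/transport.js'; // constructed default

// Gadget candidate: reads config.transport_url without checking that it is
// the object's own property. The return value stands in for the sink
// (for example, a value later assigned to a script src).
function resolveUrlUnsafe(config) {
  return config.transport_url || DEFAULT_URL;
}

// Defensive read 1: accept the value only if it is an own property.
function resolveUrlOwnOnly(config) {
  return Object.prototype.hasOwnProperty.call(config, 'transport_url')
    ? config.transport_url
    : DEFAULT_URL;
}

// Defensive read 2: build config objects with no prototype, so nothing
// placed on Object.prototype can be inherited.
function makeConfig(values) {
  return Object.assign(Object.create(null), values);
}

// Simulates the state after some pollution source has run: adds an
// inherited property, runs fn, then always removes it again.
function withPollutedPrototype(key, value, fn) {
  Object.defineProperty(Object.prototype, key, {
    value, configurable: true, enumerable: true, writable: true,
  });
  try {
    return fn();
  } finally {
    delete Object.prototype[key];
  }
}

function demo() {
  const polluted = 'https://untrusted.example/x.js'; // constructed value
  return withPollutedPrototype('transport_url', polluted, () => ({
    // No own transport_url: the inherited value reaches the sink.
    unsafeNoOwn: resolveUrlUnsafe({}),
    // Own property set by the developer shadows the inherited one.
    unsafeWithOwn: resolveUrlUnsafe({ transport_url: '/app/t.js' }),
    // Both defensive reads fall back to the default.
    ownOnly: resolveUrlOwnOnly({}),
    nullProto: resolveUrlUnsafe(makeConfig({})),
  }));
}
```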
