Summary
Once you've confirmed prototype pollution exists, this is what you load to turn it into code execution. Covers the full escalation path: server-side RCE through template engine gadgets (EJS, Pug, Handlebars) and child_process pollution, client-side script gadgets in jQuery and Lodash, and practical bypass techniques when __proto__ is filtered. The gadget reference table alone is worth it. Includes black-box detection methods that work without source access and covers the constructor.prototype alternative when filters block the obvious path. This assumes you already understand merge sinks and basic pollution mechanics from the companion prototype-pollution skill.
Install to Claude Code
npx -y skills add yaklang/hack-skills --skill prototype-pollution-advanced --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →First SeenJun 3, 2026
