ET HUNTING Javascript Prototype Pollution Attempt via __proto__ in HTTP Body - Suricata Rule 2066197 (et/open)

ET HUNTING Javascript Prototype Pollution Attempt via proto in HTTP Body

SID: 2066197Rev: 12 viewsHistory

Sourceet/open

CreatedDecember 9, 2025

UpdatedDecember 9, 2025

Classificationweb-application-activity

alert http any any -> $HOME_NET any (msg:"ET HUNTING Javascript Prototype Pollution Attempt via __proto__ in HTTP Body"; flow:established,to_server; http.request_body; content:"__proto__"; pcre:"/[\x22\x27\x3a\x5b\x2e\x3f\x23\x26]__proto__(?:[\x2e\x3a\x5b\x5d]|\x5c?[\x22\x27]|\x25(?:2[eE]|3[aA]|5[bBdD]))/"; reference:url,portswigger.net/web-security/prototype-pollution; classtype:web-application-activity; sid:2066197; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_12_09, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_12_09; target:dest_ip;)

References

url	portswigger.net/web-security/prototype-pollution

Metadata

attack targetServer

tls stateTLSDecrypt

created at2025_12_09

deploymentSSLDecrypt

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2025_12_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!