ET HUNTING Javascript Prototype Pollution Attempt via prototype in HTTP URI
Sourceet/open
CreatedDecember 9, 2025
UpdatedDecember 9, 2025
Classificationweb-application-activity
alert http any any -> $HOME_NET any (msg:"ET HUNTING Javascript Prototype Pollution Attempt via prototype in HTTP URI"; flow:established,to_server; http.uri; content:"prototype"; pcre:"/constructor.{0,4}(?:[\x22\x27\x5b\x2e]|\x25(?:2[27]|5[bB]|2[eE]))prototype(?:[\x2e\x5b\x5d]|\x5c?[\x22\x27]|\x25(?:2[eE]|5[bBdD]))/"; reference:url,portswigger.net/web-security/prototype-pollution; classtype:web-application-activity; sid:2066198; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_12_09, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2025_12_09; target:dest_ip;)
References
Metadata
attack targetServer
tls stateTLSDecrypt
created at2025_12_09
deploymentSSLDecrypt
performance impactModerate
confidenceMedium
signature severityMajor
updated at2025_12_09
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!