This research explores techniques for identifying prototype pollution vulnerabilities by sending requests that
trigger slight changes in server responses, proving the effectiveness of this detection method. Prototype
pollution is a significant security flaw that arises when an attacker manipulates JavaScript’s prototype
inheritance to alter an object’s prototype. Such alterations may allow attackers to tamper with a "gadget"
property, which could later be exploited in a vulnerable function. Detecting this vulnerability on the server
side in a black-box setting is challenging, and probing for it can unintentionally cause denial-of-service
incidents. This study confirms that prototype pollution can be detected safely in a black-box environment by
observing subtle shifts in server behavior. Multiple approaches are used to automate the discovery of these
vulnerabilities. [29,11]
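
The mechanism described above, as an added example that is not code from the study: a naive recursive merge lets a request body reach `Object.prototype`, a normally unset option then acts as the gadget and subtly changes an unrelated response, and a hardened merge leaves the response unchanged. The function names, the `indent` option and the request body are all constructed for illustration.

```javascript
// Added illustration; all names and the request body are constructed.
// Vulnerable: follows attacker-supplied keys, including "__proto__".
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: skips prototype-reaching keys and only descends into own properties.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hypothetical gadget: an option that is normally unset, read without an own-property check.
function renderResponse(data, options = {}) {
  return JSON.stringify(data, null, options.indent);
}

// Merge a constructed request body, then compare an unrelated response before and after.
function probe(merge) {
  const body = JSON.parse('{"name":"alice","__proto__":{"indent":2}}');
  const before = renderResponse({ ok: true });
  merge({}, body);
  const after = renderResponse({ ok: true });
  delete Object.prototype.indent; // undo the pollution so later calls start clean
  return { before, after, changed: before !== after };
}

console.log('unsafeMerge:', probe(unsafeMerge));
console.log('safeMerge:  ', probe(safeMerge));
```

The only visible difference after the unsafe merge is whitespace in the serialized JSON, which is the kind of slight, non-destructive response change a black-box check can look for.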