![Matan Berson Profile](https://pbs.twimg.com/profile_images/1755904009896902656/UYXhpe2o_x96.jpg)
Matan Berson
@MtnBer
Followers
3K
Following
1K
Statuses
231
Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker
Joined May 2020
RT @samwcyo: New blog post with @infosec_au: We found a vulnerability in Subaru where an attacker, with just a license plate, could retrie…
0
302
0
I’m very excited to be part of the team! I can’t wait to collaborate with all of these amazing hackers and learn from them
The moments when I'm most proud of CTBB Podcast are the moments when we're discussing original, HQ research on the pod. So, that's why we're starting the Critical Research Lab with this tremendously talented group of researchers:
5
2
107
RT @orange_8361: Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pr…
0
229
0
RT @ctbbpodcast: We made it, y'all! 100 Episodes. We put together a banger for y'all to celebrate: 8 crazy bugs from top hackers giveawa…
0
17
0
RT @kevin_mizu: I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is availab…
0
176
0
@liran_tal @WeizmanGal You should note this if you do plan to look into this idea further
@WeizmanGal @we1x @MtnBer @ddworken @arturjanc You can't make a shim out of this proposal because the `prototype` property is still there, which is why it needs to be done at the language level. At Google, we delete the `__proto__` property and freeze top level prototypes, which isn't as nice as what the proposal achieves :)
1
0
1
@salchoman @WeizmanGal @we1x @ddworken @arturjanc Ahh that’s interesting. I’d love to look deeper into what are some properties that native functions use internally. I recently had a really cool bug come out of the fact that the array stringifier looks at the array’s join property.
1
0
2
@salchoman @WeizmanGal @we1x @ddworken @arturjanc If the constructor property is also changed to be a symbol, then that should only be a problem when accessing the properties of a class right?
1
0
2
@WeizmanGal That's an interesting proposal. I think it should be possible to "opt into" it just by running some JS on page load. Here is my attempt
Here's a code snippet that as far as I can tell pretty much solves prototype pollution. It's based on and after running it you can access an object's prototype with object[Symbol.instanceProto], and object["__proto__"] will be undefined.
0
0
2
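An added example, not code from this thread or from the account owner, of the mitigation @salchoman describes earlier in the thread (delete the `__proto__` accessor and freeze the top-level prototypes), exercised against a deliberately naive recursive merge, which is the usual prototype-pollution sink. `naiveMerge`, `hardenPrototypes`, `runDemo` and the JSON payload are constructed for this example and are not part of the original discussion.

```javascript
'use strict';

// Constructed, deliberately naive recursive merge: it copies keys from an
// untrusted object into target. Before hardening, a key named "__proto__"
// resolves through the inherited accessor to Object.prototype, so nested
// values are written onto every object in the realm.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Mitigation from the thread: remove the __proto__ accessor and freeze the
// top-level prototypes (extend the list to other built-ins as needed).
// After this, "__proto__" is just an ordinary own-property name, and any
// direct write to a frozen prototype is rejected. Returns true when applied.
function hardenPrototypes() {
  delete Object.prototype.__proto__;
  for (const proto of [Object.prototype, Array.prototype]) {
    Object.freeze(proto);
  }
  return Object.isFrozen(Object.prototype) &&
    !Object.prototype.hasOwnProperty('__proto__');
}

// Constructed payload, e.g. a parsed JSON request body. JSON.parse creates
// "__proto__" as an own data property, so Object.keys() returns it.
function buildPayload(prop) {
  return JSON.parse(`{"name":"alice","__proto__":{"${prop}":true}}`);
}

// Merge the payload into a fresh object and report whether an unrelated
// object now sees the injected property.
function pollutionObserved(prop) {
  naiveMerge({}, buildPayload(prop));
  return ({})[prop] === true;
}

// Runs the before/after comparison once and memoizes it, because the
// hardening is irreversible for the lifetime of the realm.
let cachedResults = null;
function runDemo() {
  if (cachedResults === null) {
    const beforeHardening = pollutionObserved('pollutedBefore'); // true
    delete Object.prototype.pollutedBefore;                       // clean up
    const hardened = hardenPrototypes();                          // true
    const afterHardening = pollutionObserved('pollutedAfter');    // false
    cachedResults = { beforeHardening, hardened, afterHardening };
  }
  return cachedResults;
}

console.log(runDemo());
```

The point the demo makes is the one from the thread: after the accessor is gone, the same `naiveMerge` writes `__proto__` as an own property of the target, so nothing leaks onto `Object.prototype`; freezing also stops the remaining direct-assignment routes. It does not cover `constructor.prototype` traversal, which is why the thread argues a full fix needs language-level support.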