> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# Prototype Pollution

> Cross-platform resources for Prototype Pollution: curated HTB machines, PortSwigger labs and TryHackMe rooms with validated writeups and related skills.

# Prototype Pollution

This page aggregates **cross-platform resources to practice Prototype Pollution**: retired Hack The Box machines, PortSwigger Web Security Academy labs and TryHackMe rooms, plus curated resources (HackTricks, PortSwigger, etc.) and related skills.

## Curated resources

| Source      | Link                                                                                                                 |
| ----------- | -------------------------------------------------------------------------------------------------------------------- |
| PortSwigger | [https://portswigger.net/web-security/prototype-pollution](https://portswigger.net/web-security/prototype-pollution) |

## HTB machines practicing Prototype Pollution (1)

| Machine                                                   | OS    | Difficulty                                       |
| --------------------------------------------------------- | ----- | ------------------------------------------------ |
| [Unobtainium](/en/htb/machines/linux/dificil/unobtainium) | Linux | <span className="dbadge dbadge-hard">HARD</span> |

## PortSwigger labs practicing Prototype Pollution (9)

| Lab                                                                                                                                                                                                                   | Difficulty                                                 | Topic               | Official                                                                                                                                                        |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Exfiltrating sensitive data via server-side prototype pollution](/en/portswigger/labs/prototype-pollution/server-side-exfiltrating-sensitive-data-via-server-side-prototype-pollution)                               | <span className="dbadge dbadge-easy">APPRENTICE</span>     | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/server-side/lab-exfiltrating-sensitive-data-via-server-side-prototype-pollution)                |
| [Bypassing flawed input filters for server-side prototype pollution](/en/portswigger/labs/prototype-pollution/server-side-bypassing-flawed-input-filters-for-server-side-prototype-pollution)                         | <span className="dbadge dbadge-medium">PRACTITIONER</span> | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/server-side/lab-bypassing-flawed-input-filters-for-server-side-prototype-pollution)             |
| [Client-side prototype pollution in third-party libraries](/en/portswigger/labs/prototype-pollution/client-side-prototype-pollution-client-side-prototype-pollution-in-third-party-libraries)                         | <span className="dbadge dbadge-medium">PRACTITIONER</span> | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/client-side/lab-prototype-pollution-client-side-prototype-pollution-in-third-party-libraries)   |
| [Client-side prototype pollution via flawed sanitization](/en/portswigger/labs/prototype-pollution/client-side-prototype-pollution-client-side-prototype-pollution-via-flawed-sanitization)                           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/client-side/lab-prototype-pollution-client-side-prototype-pollution-via-flawed-sanitization)    |
| [Detecting server-side prototype pollution without polluted property reflection](/en/portswigger/labs/prototype-pollution/server-side-detecting-server-side-prototype-pollution-without-polluted-property-reflection) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/server-side/lab-detecting-server-side-prototype-pollution-without-polluted-property-reflection) |
| [DOM XSS via an alternative prototype pollution vector](/en/portswigger/labs/prototype-pollution/client-side-prototype-pollution-dom-xss-via-an-alternative-prototype-pollution-vector)                               | <span className="dbadge dbadge-medium">PRACTITIONER</span> | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/client-side/lab-prototype-pollution-dom-xss-via-an-alternative-prototype-pollution-vector)      |
| [DOM XSS via client-side prototype pollution](/en/portswigger/labs/prototype-pollution/client-side-prototype-pollution-dom-xss-via-client-side-prototype-pollution)                                                   | <span className="dbadge dbadge-medium">PRACTITIONER</span> | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/client-side/lab-prototype-pollution-dom-xss-via-client-side-prototype-pollution)                |
| [Privilege escalation via server-side prototype pollution](/en/portswigger/labs/prototype-pollution/server-side-privilege-escalation-via-server-side-prototype-pollution)                                             | <span className="dbadge dbadge-medium">PRACTITIONER</span> | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/server-side/lab-privilege-escalation-via-server-side-prototype-pollution)                       |
| [Remote code execution via server-side prototype pollution](/en/portswigger/labs/prototype-pollution/server-side-remote-code-execution-via-server-side-prototype-pollution)                                           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | Prototype Pollution | [Open](https://portswigger.net/web-security/prototype-pollution/server-side/lab-remote-code-execution-via-server-side-prototype-pollution)                      |

## TryHackMe rooms practicing Prototype Pollution (1)

| Room                                                                   | Difficulty                                       | Type        | Access  | Official                                               |
| ---------------------------------------------------------------------- | ------------------------------------------------ | ----------- | ------- | ------------------------------------------------------ |
| [Custom Tooling Using Python](/en/tryhackme/rooms/customtoolingpython) | <span className="dbadge dbadge-easy">EASY</span> | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/customtoolingpython) |

***

← [Back to the full glossary](/en/glossary)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"Prototype Pollution","termCode":"prototype-pollution","inLanguage":"en","url":"https://rootea.es/en/skills/prototype-pollution","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Tactical pentesting glossary","url":"https://rootea.es/en/glossary"}}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"ItemList","name":"HTB machines practicing Prototype Pollution","numberOfItems":1,"itemListElement":[{"@type":"ListItem","position":1,"url":"https://rootea.es/en/htb/machines/linux/dificil/unobtainium","name":"Unobtainium"}]}`}
</script>

*Last updated: 2026-06-07*
