# Prototype pollution

- [¿Prototype Pollution?](/web/prototype-pollution/prototype-pollution.md)
- [Lab 1: Client-side prototype pollution via browser APIs](/web/prototype-pollution/lab-1-client-side-prototype-pollution-via-browser-apis.md): https://portswigger.net/web-security/prototype-pollution/client-side/browser-apis/lab-prototype-pollution-client-side-prototype-pollution-via-browser-apis
- [Utilizando DOM Invader](/web/prototype-pollution/lab-1-client-side-prototype-pollution-via-browser-apis/utilizando-dom-invader.md)
- [Lab 2: DOM XSS via client-side prototype pollution](/web/prototype-pollution/lab-2-dom-xss-via-client-side-prototype-pollution.md): https://portswigger.net/web-security/prototype-pollution/client-side/lab-prototype-pollution-dom-xss-via-client-side-prototype-pollution
- [Lab 3: DOM XSS via an alternative prototype pollution vector](/web/prototype-pollution/lab-3-dom-xss-via-an-alternative-prototype-pollution-vector.md): https://portswigger.net/web-security/prototype-pollution/client-side/lab-prototype-pollution-dom-xss-via-an-alternative-prototype-pollution-vector
- [Utilizando DOM Invader](/web/prototype-pollution/lab-3-dom-xss-via-an-alternative-prototype-pollution-vector/utilizando-dom-invader.md)
- [Lab 4: Client-side prototype pollution via flawed sanitization](/web/prototype-pollution/lab-4-client-side-prototype-pollution-via-flawed-sanitization.md): https://portswigger.net/web-security/prototype-pollution/client-side/lab-prototype-pollution-client-side-prototype-pollution-via-flawed-sanitization
- [Lab 5: Client-side prototype pollution in third-party libraries](/web/prototype-pollution/lab-5-client-side-prototype-pollution-in-third-party-libraries.md): https://portswigger.net/web-security/prototype-pollution/client-side/lab-prototype-pollution-client-side-prototype-pollution-in-third-party-libraries
- [Lab 6: Privilege escalation via server-side prototype pollution](/web/prototype-pollution/lab-6-privilege-escalation-via-server-side-prototype-pollution.md): https://portswigger.net/web-security/prototype-pollution/server-side/lab-privilege-escalation-via-server-side-prototype-pollution
- [Lab 7: Detecting server-side prototype pollution without polluted property reflection](/web/prototype-pollution/lab-7-detecting-server-side-prototype-pollution-without-polluted-property-reflection.md): https://portswigger.net/web-security/prototype-pollution/server-side/lab-detecting-server-side-prototype-pollution-without-polluted-property-reflection
- [Lab 8: Bypassing flawed input filters for server-side prototype pollution](/web/prototype-pollution/lab-8-bypassing-flawed-input-filters-for-server-side-prototype-pollution.md): https://portswigger.net/web-security/prototype-pollution/server-side/lab-bypassing-flawed-input-filters-for-server-side-prototype-pollution
- [Lab 9: Remote code execution via server-side prototype pollution](/web/prototype-pollution/lab-9-remote-code-execution-via-server-side-prototype-pollution.md): https://portswigger.net/web-security/prototype-pollution/server-side/lab-remote-code-execution-via-server-side-prototype-pollution
- [Lab 10: Exfiltrating sensitive data via server-side prototype pollution](/web/prototype-pollution/lab-10-exfiltrating-sensitive-data-via-server-side-prototype-pollution.md): https://portswigger.net/web-security/prototype-pollution/server-side/lab-exfiltrating-sensitive-data-via-server-side-prototype-pollution