AlpacaMark: DOM Clobbering with Prototype Pollution and iframe's credentialless Trick
This is a writeup for AlpacaMark, a challenge I created for AlpacaHack Round 11 (Web). Due to an unintended solution, I released a revised version called "AlpacaMark Revenge" after the CTF.
Result:
Congratulations to icesfont for the first blood!
Keywords:
- DOM Clobbering
- Prototype Pollution
- iframe's
credentialless
attribute