原型污染攻击与客户端HTML过滤器绕过技术分析<\/h1>

1. 原型污染基础<\/h2>

1.1 JavaScript原型继承机制<\/h3>
JavaScript采用基于原型的继承模型，与传统的基于类的继承不同：<\/p>
每个对象都有一个原型（__proto__<\/code>或通过Object.getPrototypeOf<\/code>获取）<\/li>
访问对象属性时，JS引擎会沿着原型链向上查找<\/li>
Object.prototype<\/code>是所有对象的最终原型（除非显式设置为null<\/code>）<\/li>
<\/ul>
const<\/span> obj<\/span> =<\/span> { prop1<\/span>:<\/span> 111<\/span>, prop2<\/span>:<\/span> 222<\/span> };
<\/span><\/span>obj<\/span>.toString<\/span>(); \/\/ 来自Object.prototype的默认方法
<\/span><\/span><\/span><\/code><\/pre>1.2 原型污染原理<\/h3>
通过修改Object.prototype<\/code>，可以影响所有JavaScript对象的行为：<\/p>
Object.prototype<\/span>.admin<\/span> =<\/span> true<\/span>;
<\/span><\/span>const<\/span> user<\/span> =<\/span> { userid<\/span>:<\/span> 123<\/span> };
<\/span><\/span>if<\/span> (user<\/span>.admin<\/span>) {
<\/span><\/span>    console<\/span>.log<\/span>('You are an admin'<\/span>); \/\/ 会被执行
<\/span><\/span><\/span><\/span>}
<\/span><\/span><\/code><\/pre>1.3 原型污染的产生条件<\/h3>
通常由不安全的对象合并操作引起：<\/p>
function<\/span> recursiveMerge<\/span>(obj1<\/span>, obj2<\/span>) {
<\/span><\/span>    for<\/span> (let<\/span> key<\/span> in<\/span> obj2<\/span>) {
<\/span><\/span>        if<\/span> (key<\/span> in<\/span> obj1<\/span>) {
<\/span><\/span>            recursiveMerge<\/span>(obj1<\/span>[key<\/span>], obj2<\/span>[key<\/span>]);
<\/span><\/span>        } else<\/span> {
<\/span><\/span>            obj1<\/span>[key<\/span>] =<\/span> obj2<\/span>[key<\/span>];
<\/span><\/span>        }
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span>
<\/span><\/span>\/\/ 攻击示例
<\/span><\/span><\/span><\/span>const<\/span> obj1<\/span> =<\/span> {};
<\/span><\/span>const<\/span> obj2<\/span> =<\/span> JSON<\/span>.parse<\/span>('{"__proto__":{"x":1}}'<\/span>);
<\/span><\/span>recursiveMerge<\/span>(obj1<\/span>, obj2<\/span>); \/\/ 污染Object.prototype
<\/span><\/span><\/span><\/code><\/pre>关键点<\/strong>：<\/p>

JSON.parse<\/code>将__proto__<\/code>视为普通属性而非原型访问器<\/li>
许多流行库（如lodash、jQuery）曾存在此类漏洞<\/li>
<\/ul>
2. 原型污染与HTML过滤器绕过<\/h2>
2.1 HTML过滤器工作原理<\/h3>
HTML过滤器通过白名单机制净化HTML输入，防止XSS攻击：<\/p>
<!-- 输入 --><\/span>
<\/span><\/span><h1<\/span>>Header<\/h1<\/span>>This is <b<\/span>>some<\/b<\/span>> <i<\/span>>HTML<\/i<\/span>><script<\/span>>alert<\/span>(1<\/span>)<\/script<\/span>>
<\/span><\/span>
<\/span><\/span><!-- 输出 --><\/span>
<\/span><\/span><h1<\/span>>Header<\/h1<\/span>>This is <b<\/span>>some<\/b<\/span>> HTML
<\/span><\/span><\/code><\/pre>2.2 白名单实现方式<\/h3>
2.2.1 数组方式（安全）<\/h4>
const<\/span> ALLOWED_ELEMENTS<\/span> =<\/span> ["h1"<\/span>, "i"<\/span>, "b"<\/span>, "div"<\/span>];
<\/span><\/span>\/\/ 原型污染无法影响数组长度或已有索引
<\/span><\/span><\/span><\/code><\/pre>2.2.2 对象方式（易受攻击）<\/h4>
const<\/span> ALLOWED_ELEMENTS<\/span> =<\/span> {
<\/span><\/span> "h1"<\/span>:<\/span> true<\/span>,
<\/span><\/span> "i"<\/span>:<\/span> true<\/span>,
<\/span><\/span> "b"<\/span>:<\/span> true<\/span>,
<\/span><\/span> "div"<\/span>:<\/span> true<\/span>
<\/span><\/span>};
<\/span><\/span>\/\/ 原型污染可添加新属性
<\/span><\/span><\/span><\/span>Object.prototype<\/span>.SCRIPT<\/span> =<\/span> true<\/span>; \/\/ 绕过检查
<\/span><\/span><\/span><\/code><\/pre>3. 主流HTML过滤器分析<\/h2>
3.1 sanitize-html<\/h3>
默认配置<\/strong>：<\/p>
allowedTags<\/span>:<\/span> ['h3'<\/span>, 'h4'<\/span>, 'h5'<\/span>, 'h6'<\/span>, 'blockquote'<\/span>, 'p'<\/span>, 'a'<\/span>, 'ul'<\/span>, 'ol'<\/span>, 'nl'<\/span>, 'li'<\/span>, 'b'<\/span>, 'i'<\/span>, 'strong'<\/span>, 'em'<\/span>, 'strike'<\/span>, 'abbr'<\/span>, 'code'<\/span>, 'hr'<\/span>, 'br'<\/span>, 'div'<\/span>, 'table'<\/span>, 'thead'<\/span>, 'caption'<\/span>, 'tbody'<\/span>, 'tr'<\/span>, 'th'<\/span>, 'td'<\/span>, 'pre'<\/span>, 'iframe'<\/span>],
<\/span><\/span>allowedAttributes<\/span>:<\/span> {
<\/span><\/span>  a<\/span>:<\/span> ['href'<\/span>, 'name'<\/span>, 'target'<\/span>],
<\/span><\/span>  img<\/span>:<\/span> ['src'<\/span>]
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>绕过方法<\/strong>：<\/p>
Object.prototype<\/span>['*'<\/span>] =<\/span> ['onload'<\/span>];
<\/span><\/span>\/\/ 允许所有标签的onload属性
<\/span><\/span><\/span><\/code><\/pre>防御机制<\/strong>：<\/p>

使用hasOwnProperty<\/code>检查属性（但对通配符*<\/code>无效）<\/li>
<\/ul>
3.2 xss库<\/h3>
绕过方法<\/strong>：<\/p>
Object.prototype<\/span>.whiteList<\/span> =<\/span> {
<\/span><\/span>  img<\/span>:<\/span> ['src'<\/span>, 'onerror'<\/span>]
<\/span><\/span>};
<\/span><\/span>\/\/ 允许img标签的onerror属性
<\/span><\/span><\/span><\/code><\/pre>3.3 DOMPurify<\/h3>
绕过方法1<\/strong>：<\/p>
Object.prototype<\/span>.ALLOWED_ATTR<\/span> =<\/span> ['onerror'<\/span>, 'src'<\/span>];
<\/span><\/span><\/code><\/pre>绕过方法2<\/strong>（更隐蔽）：<\/p>
Object.prototype<\/span>.documentMode<\/span> =<\/span> 9<\/span>; \/\/ 禁用过滤器
<\/span><\/span><\/span><\/code><\/pre>3.4 Google Closure库<\/h3>
绕过方法<\/strong>：<\/p>
Object.prototype<\/span>['* ONERROR'<\/span>] =<\/span> 1<\/span>;
<\/span><\/span>Object.prototype<\/span>['* SRC'<\/span>] =<\/span> 1<\/span>;
<\/span><\/span>\/\/ 允许所有标签的onerror和src属性
<\/span><\/span><\/span><\/code><\/pre>4. 原型污染检测工具<\/h2>
4.1 静态分析工具<\/h3>

提取代码中所有可能的属性访问标识符<\/li>
将这些属性添加到Object.prototype<\/code><\/li>
监控属性访问是否到达原型链<\/li>
<\/ol>
4.2 动态检测方法<\/h3>
通过代码插桩转换属性访问：<\/p>
\/\/ 原始代码
<\/span><\/span><\/span><\/span>if<\/span> (cfg<\/span>.ADD_ATTR<\/span>) { ... }
<\/span><\/span>
<\/span><\/span>\/\/ 转换后代码
<\/span><\/span><\/span><\/span>if<\/span> ($_GET_PROP<\/span>(cfg<\/span>, 'ADD_ATTR'<\/span>)) { ... }
<\/span><\/span>
<\/span><\/span>\/\/ 检测函数
<\/span><\/span><\/span><\/span>function<\/span> $_GET_PROP<\/span>(obj<\/span>, prop<\/span>) {
<\/span><\/span>    if<\/span> (!<\/span>(prop<\/span> in<\/span> obj<\/span>)) {
<\/span><\/span>        console<\/span>.log<\/span>(`Possible prototype pollution for <\/span>${<\/span>prop<\/span>}<\/span>`<\/span>);
<\/span><\/span>        console<\/span>.trace<\/span>();
<\/span><\/span>    }
<\/span><\/span>    return<\/span> obj<\/span>[prop<\/span>];
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>5. 防御措施<\/h2>


冻结原型<\/strong>：<\/p>
Object.freeze<\/span>(Object.prototype<\/span>);
<\/span><\/span><\/code><\/pre><\/li>

使用Object.create(null)<\/code>创建无原型对象<\/strong>：<\/p>
const<\/span> safeObj<\/span> =<\/span> Object.create<\/span>(null<\/span>);
<\/span><\/span><\/code><\/pre><\/li>

安全合并函数<\/strong>：<\/p>
function<\/span> safeMerge<\/span>(target<\/span>, source<\/span>) {
<\/span><\/span>  for<\/span> (const<\/span> key<\/span> in<\/span> source<\/span>) {
<\/span><\/span>    if<\/span> (key<\/span> ===<\/span> '__proto__'<\/span> ||<\/span> key<\/span> ===<\/span> 'constructor'<\/span> ||<\/span> key<\/span> ===<\/span> 'prototype'<\/span>) {
<\/span><\/span>      continue<\/span>;
<\/span><\/span>    }
<\/span><\/span>    if<\/span> (Object.prototype<\/span>.hasOwnProperty<\/span>.call<\/span>(source<\/span>, key<\/span>)) {
<\/span><\/span>      target<\/span>[key<\/span>] =<\/span> source<\/span>[key<\/span>];
<\/span><\/span>    }
<\/span><\/span>  }
<\/span><\/span>  return<\/span> target<\/span>;
<\/span><\/span>}
<\/span><\/span><\/code><\/pre><\/li>

使用Map代替普通对象存储白名单<\/strong><\/p>
<\/li>
<\/ol>
6. 实际攻击案例<\/h2>


Google搜索栏XSS<\/strong>：<\/p>

通过原型污染绕过内部HTML过滤器<\/li>
可在搜索结果中执行任意JavaScript<\/li>
<\/ul>
<\/li>

Ghost CMS RCE<\/strong>：<\/p>

通过原型污染导致远程代码执行<\/li>
<\/ul>
<\/li>

Kibana RCE<\/strong>：<\/p>

利用原型污染实现远程代码执行<\/li>
<\/ul>
<\/li>
<\/ol>
7. 总结<\/h2>
原型污染是一种强大的攻击技术，可以：<\/p>

绕过客户端HTML过滤器<\/li>
修改应用程序逻辑<\/li>
导致XSS甚至RCE漏洞<\/li>
<\/ul>
关键防护原则<\/strong>：<\/p>

永远不要信任用户提供的JSON输入<\/li>
使用安全的对象操作函数<\/li>
对关键配置对象使用无原型或冻结的对象<\/li>
定期审计依赖库的安全性<\/li>
<\/ul>