Hello everyone. I’m rayepeng, a security researcher.
Today I will tell you how AST injection, combined with prototype pollution, facilitates remote code execution (also known as RCE)
Template engine
Developer used to use template engine like ejs、pug、handlebars , which render HTML code dynamic, and aim for make page