Hi,
as title. It's possible there is no real security risk behind it, especially when the target is not vulnerable to prototype pollution. However, I think it would still be best practice not to reference, as part of the extension, a parked domain that could be hijacked in the future.
Example:
https://example.com/#__proto__[attrs][src]=1&__proto__[src]=//p6.is/ppscan.php
https://example.com/#__proto__[BOOMR]=1&__proto__[url]=//p6.is/ppscan.php