XSS to RCE Electron Desktop Apps
Recommended read for more tricks:
When I test an Electron app, I always first check the options of the , which is used to create a browser window. From those options, I think about how RCE can be achieved when arbitrary JavaScript execution on the renderer is possible. Example:
If nodeIntegration is set to true, a web page's JavaScript can use Node.js features easily just by calling require(). For example, the way to execute the calc application on Windows is:
If contextIsolation is set to false, you can try to use <webview> (similar to <iframe>, but can load local files) to read local files and exfiltrate them, using something like <webview src="file:///etc/passwd"></webview>:
(Trick copied from ).
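The option check described above can be scripted from the defender's side; the following is an added example, not code from the original page or from Electron. The function names, the sample configurations and the `ASSUMED_DEFAULTS` values are assumptions (defaults vary by Electron version, so pass the ones for the version you ship), and `webviewTag` is the `webPreferences` option that enables `<webview>`.

```javascript
// Added example: audit the webPreferences object a window is created with.
// Assumption: these are the defaults of the Electron version in use; check
// your version's documentation and pass different ones if they differ.
const ASSUMED_DEFAULTS = { nodeIntegration: false, contextIsolation: true, webviewTag: false };

// One rule per setting, with the risk worded as this page describes it.
const RULES = [
  { key: 'nodeIntegration', safe: false,
    risk: 'page JavaScript can use Node.js features by calling require()' },
  { key: 'contextIsolation', safe: true,
    risk: 'page scripts are not isolated; the page pairs this with <webview> file reads' },
  { key: 'webviewTag', safe: false,
    risk: '<webview> is enabled and, unlike <iframe>, can load local files' },
];

// Resolve the value that would take effect: explicit setting, else the default.
function effectiveValue(prefs, defaults, key) {
  return prefs[key] === undefined ? defaults[key] : prefs[key];
}

// Return one finding per setting whose effective value is not the safe one.
function auditWebPreferences(prefs = {}, defaults = ASSUMED_DEFAULTS) {
  return RULES
    .filter(({ key, safe }) => effectiveValue(prefs, defaults, key) !== safe)
    .map(({ key, risk }) => ({
      key,
      value: effectiveValue(prefs, defaults, key),
      explicit: prefs[key] !== undefined, // false: inherited from a default
      risk,
    }));
}

// Copy the preferences, pinning every audited setting to its safe value.
function harden(prefs = {}) {
  const out = { ...prefs };
  for (const { key, safe } of RULES) out[key] = safe;
  return out;
}

// Constructed sample configurations (not taken from any real application).
const weakPrefs = { nodeIntegration: true, contextIsolation: false, webviewTag: true, preload: 'preload.js' };
const fixedPrefs = harden(weakPrefs);

for (const f of auditWebPreferences(weakPrefs)) {
  console.log(`[!] ${f.key}=${f.value} (${f.explicit ? 'explicit' : 'default'}): ${f.risk}`);
}
console.log('findings after hardening:', auditWebPreferences(fixedPrefs).length);
```

Pinning the safe values explicitly, as `harden()` does, keeps the window configuration independent of whatever defaults the bundled Electron version applies.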