wonnage 19 hours ago
You could send that link to an unsuspecting user and steal their cookies, make API requests to send messages on their behalf, etc. Apparently one of the other linked posts shows how you can also gain RCE, since the docs are statically pre-rendered and there’s no sandboxing to prevent you from evalling arbitrary JavaScript.
Willish42 17 hours ago
> Apparently one of the other linked posts shows how you can also gain RCE

Yep, here it is: https://kibty.town/blog/mintlify/ Also linked in his guide (which I missed) and [here in a separate HN post](https://news.ycombinator.com/item?id=46317546). I think this other author's post is a lot more detailed and arguably more useful to folks reading on HN.