Share
## https://sploitus.com/exploit?id=1F937C6F-733C-5C61-9B55-15F71D3162D8
# πŸ›‘οΈ React2Shell CTF πŸš€

![Security](https://img.shields.io/badge/Security-CTF-red?style=for-the-badge&logo=hack-the-box)
![React](https://img.shields.io/badge/Vulnerability-CVE--2025--55182-critical?style=for-the-badge&logo=react&logoColor=black)
![Education](https://img.shields.io/badge/Purpose-Education-success?style=for-the-badge)

Welcome to **React2Shell-CTF**, a Dockerized environment designed to practice exploiting **React2Shell (CVE-2025-55182)**.

**React2Shell** is a critical vulnerability affecting React-based applications. This repository provides a safe, locally deployable Capture The Flag (CTF) challenge to help you understand and mitigate this flaw. **Can you pop a Reverse Shell?** 🐚

---

## ℹ️ Vulnerability Info

For a full technical explanation of **CVE-2025-55182**, please visit the official informational website:

### πŸ‘‰ [react2shell.com](https://react2shell.com) πŸ‘ˆ

---

## ⚠️ Disclaimer

> **IMPORTANT! READ BEFORE PROCEEDING**

This project is created **strictly for educational and learning purposes**.

*   🚫 **We do not condone or promote illegal activities.**
*   πŸŽ“ The goal is to provide a safe environment for developers and security professionals to understand how this vulnerability works.
*   πŸ›‘οΈ **The best way to protect oneself is by understanding the vulnerability.**

Using this material to attack targets without prior mutual consent is illegal.

---

## πŸ› οΈ Local Installation

To run this CTF on your machine:

```bash
# Clone the repository
git clone https://github.com/yz9yt/React2Shell-CTF.git

# Enter the directory
cd React2Shell-CTF

# Start with Docker (requires sudo)
sudo docker-compose up --build
```

The application will be available at:  
πŸ‘‰ **`http://localhost:5555`**

---

## πŸ“š Solution & Walkthrough

Need help? We have prepared a comprehensive step-by-step guide to help you understand the exploit path.

### πŸ“– Choose your language:
*   πŸ‡¬πŸ‡§ **[English Walkthrough](WALKTHROUGH_EN.md)**
*   πŸ‡ͺπŸ‡Έ **[GuΓ­a en EspaΓ±ol](WALKTHROUGH_ES.md)**

This document explains:
1.  **Setup**: How to verify the environment.
2.  **Exploitation**: Detailed manual exploitation steps using `curl`.
3.  **Verification**: How to confirm Remote Code Execution (RCE).

---
Happy Hacking! πŸ•΅οΈβ€β™‚οΈ

---
Created by **[@yz9yt](https://x.com/yz9yt)** 🐦