## https://sploitus.com/exploit?id=1F937C6F-733C-5C61-9B55-15F71D3162D8
# π‘οΈ React2Shell CTF π



Welcome to **React2Shell-CTF**, a Dockerized environment designed to practice exploiting **React2Shell (CVE-2025-55182)**.
**React2Shell** is a critical vulnerability affecting React-based applications. This repository provides a safe, locally deployable Capture The Flag (CTF) challenge to help you understand and mitigate this flaw. **Can you pop a Reverse Shell?** π
---
## βΉοΈ Vulnerability Info
For a full technical explanation of **CVE-2025-55182**, please visit the official informational website:
### π [react2shell.com](https://react2shell.com) π
---
## β οΈ Disclaimer
> **IMPORTANT! READ BEFORE PROCEEDING**
This project is created **strictly for educational and learning purposes**.
* π« **We do not condone or promote illegal activities.**
* π The goal is to provide a safe environment for developers and security professionals to understand how this vulnerability works.
* π‘οΈ **The best way to protect oneself is by understanding the vulnerability.**
Using this material to attack targets without prior mutual consent is illegal.
---
## π οΈ Local Installation
To run this CTF on your machine:
```bash
# Clone the repository
git clone https://github.com/yz9yt/React2Shell-CTF.git
# Enter the directory
cd React2Shell-CTF
# Start with Docker (requires sudo)
sudo docker-compose up --build
```
The application will be available at:
π **`http://localhost:5555`**
---
## π Solution & Walkthrough
Need help? We have prepared a comprehensive step-by-step guide to help you understand the exploit path.
### π Choose your language:
* π¬π§ **[English Walkthrough](WALKTHROUGH_EN.md)**
* πͺπΈ **[GuΓa en EspaΓ±ol](WALKTHROUGH_ES.md)**
This document explains:
1. **Setup**: How to verify the environment.
2. **Exploitation**: Detailed manual exploitation steps using `curl`.
3. **Verification**: How to confirm Remote Code Execution (RCE).
---
Happy Hacking! π΅οΈββοΈ
---
Created by **[@yz9yt](https://x.com/yz9yt)** π¦