Share
## https://sploitus.com/exploit?id=4AAC71A9-996C-5E43-A713-2F2046B7B8E8
RCE Exploit Research Tools
Project Overview
This repository contains a proof-of-concept (PoC) exploit tool developed as part of a cybersecurity research project. It demonstrates a Remote Code Execution (RCE) vulnerability within a modern web environment (Next.js 15.0.0).

The vulnerability stems from Insecure Deserialization in Server Actions. By exploiting the way the server processes incoming Flight Protocol streams, an attacker can inject malicious payloads that execute arbitrary system commands via the child_process module. This research highlights the critical importance of input validation and secure deserialization practices in modern full-stack frameworks.

Execution Guide
Terminal 1: Vulnerable Server

Start the victim server using the following commands:

cd ~/RCE_demo

npm run dev

The server will be accessible at http://localhost:3000.

Terminal 2: Attacker Shell

Navigate to the attack tools directory and launch the intelligent RCE console:

cd ~/Desktop/attack

./venv/bin/python network_attacker.py

(Note: We use the local venv path to ensure the correct Python environment is loaded).

Post-Exploitation Commands

Once the connection is established and the target is confirmed, you can run system commands directly:

ls -la

whoami

cat /etc/passwd