## https://sploitus.com/exploit?id=9D33E265-E850-555F-B8FE-CB2BB529DC8F
# โก React2Shell Exploit PoC (CVE-2025-66478)
> **Next.js Remote Code Execution (RCE) via Prototype Pollution in Server Components**
---
## ๐ต๏ธโโ๏ธ Overview
This repository contains a **Proof of Concept (PoC)** for **CVE-2025-66478** (also referenced as **CVE-2025-55182** in some contexts), a critical vulnerability affecting **Next.js** applications that use specific versions of **React Server Components (RSC)**.
By manipulating the serialization process of RSCs, an unauthenticated attacker can inject a malicious payload via **prototype pollution** (`__proto__:then`). This can lead to execution of arbitrary system commands on the server through `child_process.execSync`.
**Developed by:** ArkhamKnight47
---
## ๐ Features
- **Interactive CLI** โ Simple prompts for target URL and command.
- **Payload Injection** โ Automatically builds the required `multipart/form-data` payload.
- **Smart Output Cleaning** โ Parses raw JSON responses and displays *only* clean command output (e.g., strips `1:E{"digest":...}`).
- **Matrix Theme** โ Green-on-black aesthetic with ASCII art banner.
- **Cross-Platform** โ Handles newline differences (`\n` vs `\r\n`) for clean output on Windows and Linux targets.
---
## ๐ ๏ธ Installation & Usage
### Prerequisites
- Python **3.x**
- `requests` library
### Setup
```bash
# Clone the repository
git clone https://github.com/ArkhamKnight47/React2Shell-PoC.git
cd React2Shell-PoC
# Install dependencies
pip install requests
```
### Running the Exploit
```bash
python CVE-2025-66478.py
```
You will be prompted for:
- **Target URL** โ e.g. `http://localhost:3000`
- **Command** โ e.g. `id`, `whoami`, `cat /etc/passwd`
---
## ๐ Example Output
```text
[?] TARGET URL > http://192.168.1.5:3000
[?] COMMAND > cat /etc/passwd
[*] EXECUTING EXPLOIT...
[+] PAYLOAD SUCCESSFUL. OUTPUT BELOW:
============================================================
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
nextjs:x:1001:65533::/home/nextjs:/sbin/nologin
============================================================
```
---
## โ ๏ธ Disclaimer
This tool is provided **for educational and security research purposes only**.
The author (**ArkhamKnight47**) takes **no responsibility** for misuse of this code. Testing this exploit against systems you do not own or do not have explicit permission to test is **illegal and unethical**.
- โ Do **not** use against production systems without authorization
- โ Do use to validate vulnerabilities in **your own applications**
- โ Do use to learn about **RSC serialization and prototype pollution risks**
---
> Use responsibly. Learn ethically. Secure your stack.