Share
## https://sploitus.com/exploit?id=ABA8E86E-AFC1-52A3-8FDE-FE98DBD9331F
# R2S - React2Shell Scanner

A web-based vulnerability scanner for **CVE-2025-55182**, a critical Remote Code Execution (RCE) vulnerability in React Server Components.

**Live Scanner:** [https://r2s.mxm0z.com](https://r2s.mxm0z.com)

## About CVE-2025-55182

CVE-2025-55182 is a critical (CVSS 10.0) vulnerability in the React Server Components Flight protocol that allows unauthenticated attackers to execute arbitrary code on vulnerable Next.js servers via crafted HTTP requests.

### Affected Versions

| Package | Vulnerable | Patched |
|---------|-----------|---------|
| React | 19.0.0 | 19.0.1 |
| React | 19.1.0 - 19.1.1 | 19.1.2 |
| React | 19.2.0 | 19.2.1 |
| Next.js | 15.0.0 - 15.0.4 | 15.0.5 |
| Next.js | 15.1.0 - 15.1.8 | 15.1.9 |
| Next.js | 15.2.0 - 15.2.5 | 15.2.6 |
| Next.js | 15.3.0 - 15.3.5 | 15.3.6 |
| Next.js | 15.4.0 - 15.4.7 | 15.4.8 |
| Next.js | 15.5.0 - 15.5.6 | 15.5.7 |
| Next.js | 16.0.0 - 16.0.6 | 16.0.7 |

## How It Works

This scanner sends a **safe detection payload** to the target URL. The payload uses `"_prefix":"1"` which simply evaluates to the number 1 - it does not execute any code on the target server.

### Detection Logic

| Response | Interpretation |
|----------|----------------|
| HTTP 500 + RSC error pattern | **VULNERABLE** (high confidence) |
| HTTP 500 | **LIKELY VULNERABLE** (medium confidence) |
| Request timeout (>6s) | **POTENTIALLY VULNERABLE** (medium confidence) |
| HTTP 200/404/other | **NOT VULNERABLE** |

## Deploy Your Own

### Prerequisites

- [Cloudflare account](https://dash.cloudflare.com/sign-up) (free tier works)
- [Node.js](https://nodejs.org/) 18+
- [Wrangler CLI](https://developers.cloudflare.com/workers/wrangler/install-and-update/)

### Setup

```bash
# Clone the repository
git clone https://github.com/mxm0z/r2s.git
cd r2s

# Install dependencies
npm install

# Run locally
npm run dev

# Deploy to Cloudflare Pages
npm run deploy
```

### Custom Domain (Optional)

1. Add your domain to Cloudflare
2. Go to Cloudflare Pages > your project > Custom domains
3. Add your subdomain (e.g., `scanner.yourdomain.com`)

## Project Structure

```
r2s/
โ”œโ”€โ”€ public/
โ”‚   โ”œโ”€โ”€ index.html      # Main page
โ”‚   โ”œโ”€โ”€ style.css       # Styling
โ”‚   โ”œโ”€โ”€ app.js          # Frontend logic
โ”‚   โ””โ”€โ”€ _worker.js      # Cloudflare Worker (scanner API)
โ”œโ”€โ”€ wrangler.toml       # Cloudflare configuration
โ””โ”€โ”€ package.json
```

## API

### POST /api/scan

Scan a target URL for CVE-2025-55182.

**Request:**
```json
{
  "targetUrl": "https://example.com"
}
```

**Response:**
```json
{
  "target": "https://example.com",
  "timestamp": "2025-01-15T12:00:00.000Z",
  "status": "not_vulnerable",
  "message": "NOT VULNERABLE",
  "httpStatus": "404 Not Found",
  "responsePreview": "...",
  "confidence": "high"
}
```

## Disclaimer

This tool is provided for **authorized security testing only**. Only scan applications you have explicit permission to test. The authors are not responsible for misuse of this tool.

## Credits

- **Original Research:** [Lachlan Davidson](https://react2shell.com/)
- **React Advisory:** [GHSA-fv66-9v8q-g76r](https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r)
- **Next.js Advisory:** [GHSA-9qr9-h5gf-34mp](https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp)

## License

MIT