Share
## https://sploitus.com/exploit?id=B74B64D1-FB91-5000-806C-16C466F51F12
# ๐Ÿšจ React Zero-Day Exploit Laboratory





> **Interactive Security Research Platform Demonstrating Real Vulnerabilities in React Server Components**

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Docker](https://img.shields.io/badge/Docker-Enabled-2496ED.svg?logo=docker)](https://www.docker.com/)
[![React](https://img.shields.io/badge/React-18.0-61DAFB.svg?logo=react)](https://reactjs.org/)
[![Next.js](https://img.shields.io/badge/Next.js-14.0-000000.svg?logo=next.js)](https://nextjs.org/)

## ๐Ÿ”ฅ Overview

**React Zero-Day Exploit Laboratory** is a comprehensive security research environment designed for ethical hackers, penetration testers, and React developers. This platform demonstrates **real, exploitable vulnerabilities** in React Server Components through an interactive, containerized lab environment.

**โš ๏ธ IMPORTANT: This project is for EDUCATIONAL and DEFENSIVE SECURITY purposes only. Use only in controlled, isolated environments.**

## ๐Ÿ“Š Lab Dashboard Metrics

- **Active Vulnerabilities**: 5+ critical security flaws
- **API Endpoints Exposed**: 12+ vulnerable endpoints
- **Secrets Leaked**: Simulated credentials and tokens
- **Success Rate**: 100% reproducible exploits

## ๐ŸŽฏ Key Features

### ๐Ÿงช Interactive Lab Environment
- **Live Exploits**: Real-time vulnerability demonstrations
- **Hands-On Exercises**: Step-by-step security challenges
- **Instant Feedback**: Exploit verification and scoring system

### ๐Ÿ”“ Vulnerability Demonstrations
1. **Remote Code Execution (RCE)** in React Server Components
2. **Path Traversal** attacks on Next.js file system
3. **Server-Side Request Forgery (SSRF)**
4. **Information Disclosure** through server components
5. **Insecure Deserialization** vulnerabilities

### ๐Ÿ›ก๏ธ Educational Focus
- **Defensive Coding** patterns and fixes
- **Security Best Practices** for React/Next.js
- **Real-World Attack** simulations
- **Remediation Guides** for each vulnerability

## ๐Ÿ—๏ธ Project Architecture


## ๐Ÿš€ Quick Start

### Prerequisites
- Docker & Docker Compose
- Node.js 18+ (optional, for local development)

### Installation

```bash
# Clone the repository
git clone https://github.com/InfoSecAntara/react-zero-day.git
cd react-zero-day-lab

# Start the lab environment
docker-compose up -d

# Access the lab at:
# - Vulnerable App: http://localhost:3000
# - Lab Dashboard: http://localhost:3000/dashboard
# - Exploit Tester: http://localhost:4000

Interactive Learning
bash
# Run the RCE exploit demonstration
cd exploit-tester
node rce-exploit.js --target http://localhost:3000

# Test path traversal vulnerability
node path-traversal.js --target http://localhost:3000

```

## Lab Modules
Module 1: RCE in React Server Components
Vulnerability: Unsafe dynamic imports and eval() patterns

Impact: Full server compromise

Mitigation: Input validation and safe execution contexts

Module 2: Path Traversal Attacks
Vulnerability: Insecure file system access in server components

Impact: Sensitive file disclosure

Mitigation: Path sanitization and access controls

Module 3: Secret Leakage
Vulnerability: Environment variable exposure through SSR

Impact: Credential and API key theft

Mitigation: Proper secret management

๐Ÿ› ๏ธ Development
```bash
Building Locally
bash

# Install dependencies
cd vulnerable-app
npm install

# Run in development mode
npm run dev

# Run exploit tests
cd ../exploit-tester
npm test

Docker Development
bash
# Rebuild containers
docker-compose build

# View logs
docker-compose logs -f

# Reset the lab
docker-compose down && docker-compose up -d

```

๐Ÿ“š Educational Resources
Each vulnerability includes:

Detailed Explanation of the security flaw

Step-by-Step Exploit walkthrough

Code Examples of vulnerable patterns

Secure Alternatives and fixes

Further Reading links

โš–๏ธ Responsible Disclosure
This project follows ethical security research principles:

All vulnerabilities are deliberately introduced

No real systems are harmed

Educational focus on defense

Encourages responsible security practices

๐ŸŽ“ Who Should Use This?
Security Researchers: Test and understand React-specific vulnerabilities

React Developers: Learn secure coding practices

Penetration Testers: Practice web application security testing

CTF Players: Prepare for security competitions

Engineering Teams: Security awareness training