Share
## https://sploitus.com/exploit?id=B74B64D1-FB91-5000-806C-16C466F51F12
# ๐จ React Zero-Day Exploit Laboratory
> **Interactive Security Research Platform Demonstrating Real Vulnerabilities in React Server Components**
[](https://opensource.org/licenses/MIT)
[](https://www.docker.com/)
[](https://reactjs.org/)
[](https://nextjs.org/)
## ๐ฅ Overview
**React Zero-Day Exploit Laboratory** is a comprehensive security research environment designed for ethical hackers, penetration testers, and React developers. This platform demonstrates **real, exploitable vulnerabilities** in React Server Components through an interactive, containerized lab environment.
**โ ๏ธ IMPORTANT: This project is for EDUCATIONAL and DEFENSIVE SECURITY purposes only. Use only in controlled, isolated environments.**
## ๐ Lab Dashboard Metrics
- **Active Vulnerabilities**: 5+ critical security flaws
- **API Endpoints Exposed**: 12+ vulnerable endpoints
- **Secrets Leaked**: Simulated credentials and tokens
- **Success Rate**: 100% reproducible exploits
## ๐ฏ Key Features
### ๐งช Interactive Lab Environment
- **Live Exploits**: Real-time vulnerability demonstrations
- **Hands-On Exercises**: Step-by-step security challenges
- **Instant Feedback**: Exploit verification and scoring system
### ๐ Vulnerability Demonstrations
1. **Remote Code Execution (RCE)** in React Server Components
2. **Path Traversal** attacks on Next.js file system
3. **Server-Side Request Forgery (SSRF)**
4. **Information Disclosure** through server components
5. **Insecure Deserialization** vulnerabilities
### ๐ก๏ธ Educational Focus
- **Defensive Coding** patterns and fixes
- **Security Best Practices** for React/Next.js
- **Real-World Attack** simulations
- **Remediation Guides** for each vulnerability
## ๐๏ธ Project Architecture
## ๐ Quick Start
### Prerequisites
- Docker & Docker Compose
- Node.js 18+ (optional, for local development)
### Installation
```bash
# Clone the repository
git clone https://github.com/InfoSecAntara/react-zero-day.git
cd react-zero-day-lab
# Start the lab environment
docker-compose up -d
# Access the lab at:
# - Vulnerable App: http://localhost:3000
# - Lab Dashboard: http://localhost:3000/dashboard
# - Exploit Tester: http://localhost:4000
Interactive Learning
bash
# Run the RCE exploit demonstration
cd exploit-tester
node rce-exploit.js --target http://localhost:3000
# Test path traversal vulnerability
node path-traversal.js --target http://localhost:3000
```
## Lab Modules
Module 1: RCE in React Server Components
Vulnerability: Unsafe dynamic imports and eval() patterns
Impact: Full server compromise
Mitigation: Input validation and safe execution contexts
Module 2: Path Traversal Attacks
Vulnerability: Insecure file system access in server components
Impact: Sensitive file disclosure
Mitigation: Path sanitization and access controls
Module 3: Secret Leakage
Vulnerability: Environment variable exposure through SSR
Impact: Credential and API key theft
Mitigation: Proper secret management
๐ ๏ธ Development
```bash
Building Locally
bash
# Install dependencies
cd vulnerable-app
npm install
# Run in development mode
npm run dev
# Run exploit tests
cd ../exploit-tester
npm test
Docker Development
bash
# Rebuild containers
docker-compose build
# View logs
docker-compose logs -f
# Reset the lab
docker-compose down && docker-compose up -d
```
๐ Educational Resources
Each vulnerability includes:
Detailed Explanation of the security flaw
Step-by-Step Exploit walkthrough
Code Examples of vulnerable patterns
Secure Alternatives and fixes
Further Reading links
โ๏ธ Responsible Disclosure
This project follows ethical security research principles:
All vulnerabilities are deliberately introduced
No real systems are harmed
Educational focus on defense
Encourages responsible security practices
๐ Who Should Use This?
Security Researchers: Test and understand React-specific vulnerabilities
React Developers: Learn secure coding practices
Penetration Testers: Practice web application security testing
CTF Players: Prepare for security competitions
Engineering Teams: Security awareness training