GitHub - profusion/react2shell: A server-side React app with a playground to test the React2Shell vulnerability


This is a Next.js project bootstrapped with create-next-app.

POC Exploit Instructions

To run the exploit demonstration:

  1. Start the development server in dev mode:
  2. Install form-data dependency (if not already installed):
  3. Run the exploit script:
  4. Open the Next.js terminal to see:
    haha, im a hacker
    POST / 200 in 98ms
  5. Edit the _prefix in script.js to change the executed script:
    '_prefix':'console.log("haha, i am a hacker")//',

Links

React2Shell

Credits to LachLan for the PoC script.