From 8a1c79e210549b8555e3dbcd081b2df0b40d37cf Mon Sep 17 00:00:00 2001
From: ptaindia
Date: Fri, 5 Dec 2025 15:25:30 +0530
Subject: [PATCH] feat: add detection patterns from original CVE-2025-55182 PoC
Add 4 new detection patterns based on Lachlan Davidson's original PoC:
- chunk_reference: Detects $@ Chunk object reference notation
- formdata_gadget: Detects _formData gadget chain access
- constructor_chain: Detects constructor:constructor traversal
- setprototypeof_access: Detects setPrototypeOf manipulation
Also updated README acknowledgments with link to original PoC repository.
---
 README.md | 4 ++--
 src/middleware/detector.ts | 28 ++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index cfa0713..aafa66c 100644
--- a/README.md
+++ b/README.md
@@ -16,9 +16,9 @@ Security scanner for **CVE-2025-55182** - a critical (CVSS 10.0) unauthenticated
 ## Acknowledgments
-This project exists to help the community respond to CVE-2025-55182. We acknowledge and thank the following individuals:
+This project exists to help the community respond to CVE-2025-55182. We acknowledge and thank:
-- **[Lachlan Davidson](https://github.com/lachlan2k)** ([react2shell.com](https://react2shell.com/)) - For discovering and responsibly disclosing the React Server Components vulnerability (CVE-2025-55182) on November 29th, 2025. The security community owes him gratitude for his diligence in identifying this critical flaw and working with the React and Next.js teams to ensure patches were available. His efforts have helped protect countless applications and users worldwide.
+- **[Lachlan Davidson](https://github.com/lachlan2k)** ([react2shell.com](https://react2shell.com/)) - For discovering and responsibly disclosing the React Server Components vulnerability (CVE-2025-55182) on November 29th, 2025. The security community owes him gratitude for his diligence in identifying this critical flaw and working with the React and Next.js teams to ensure patches were available. His efforts have helped protect countless applications and users worldwide. See his [original PoC](https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc) for technical details.
 ## Quick Start
diff --git a/src/middleware/detector.ts b/src/middleware/detector.ts
index 5dad2ed..d036e5d 100644
--- a/src/middleware/detector.ts
+++ b/src/middleware/detector.ts
@@ -43,6 +43,34 @@ const EXPLOIT_PATTERNS = [
 severity: 'high' as const,
 description: 'Potential _prefix property injection',
 },
+ // $@ Chunk reference notation (original PoC technique)
+ {
+ name: 'chunk_reference',
+ pattern: /\$@\d+/,
+ severity: 'high' as const,
+ description: 'RSC Chunk object reference access',
+ },
+ // _formData gadget chain access (original PoC technique)
+ {
+ name: 'formdata_gadget',
+ pattern: /"_formData"\s*:/i,
+ severity: 'high' as const,
+ description: 'FormData gadget chain access',
+ },
+ // Constructor chain traversal (original PoC technique)
+ {
+ name: 'constructor_chain',
+ pattern: /constructor\s*:\s*constructor/i,
+ severity: 'high' as const,
+ description: 'Constructor chain traversal attempt',
+ },
+ // setPrototypeOf manipulation (original PoC technique)
+ {
+ name: 'setprototypeof_access',
+ pattern: /setPrototypeOf/i,
+ severity: 'high' as const,
+ description: 'setPrototypeOf manipulation attempt',
+ },
 // Malformed module references
 {
 name: 'malformed_module_ref',
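Review bot: `chunk_reference` and `setprototypeof_access` are both rated `high`, yet each matches on a single token that can plausibly occur in benign traffic: `$@<id>` is, as far as I know, how the Flight reply encoding refers to a promise argument, and `/setPrototypeOf/i` fires on any body that merely contains that word. If the consumer of `severity` (outside this hunk) blocks on `high`, legitimate Server Action calls could be rejected; consider rating these two lower on their own and escalating only when they co-occur with `constructor_chain` or `formdata_gadget`. The `i` flag on the three name-based patterns adds matches without adding coverage, since JavaScript property names are case-sensitive, e.g. `pattern: /setPrototypeOf/,` and `pattern: /constructor\s*:\s*constructor/,`. Chunk ids appear to be hex-encoded by React, so `\d+` would not match an id beginning with a letter; `pattern: /\$@[0-9a-f]+/,` covers both, if that is confirmed. `EXPLOIT_PATTERNS` begins and ends outside the hunk.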