Skip to content

platsecurity/React2Lambda

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
build_lab.sh
build_lab.sh
 
 
react2lambda.py
react2lambda.py
 
 

Repository files navigation

react2lambda

Exploit tool for CVE-2025-55182 (React2Shell) in Next.js Lambda deployments. Exploits Server Side JavaScript Injection (SSJI) via prototype pollution in React Server Components to exfiltrate AWS credentials and environment variables from serverless Lambda functions.

Background

Traditional React2Shell scanners miss vulnerable serverless deployments. While Webpack bundling prevents traditional RCE (shell access), the vulnerability enables SSJI that can exfiltrate AWS credentials—often more dangerous than shell access in cloud environments.

For full research details, see: Expanding React2Shell for Serverless Lambda Functions

Requirements

  • Python 3.10+
  • requests library
pip3 install requests

Usage

react2lambda <host> -c <js:expression>

Examples

# Check Node.js version
react2lambda https://target.com 'js:process.version'

# Dump environment variables (including AWS credentials)
react2lambda https://target.com 'js:process.env'

How It Works

The tool exploits prototype pollution in Next.js Server Actions to inject JavaScript code that executes in the Lambda runtime. Output is extracted from redirect headers or error digests in the response.

AWS credentials in the output are automatically highlighted in red for visibility.

Disclaimer

This tool is for authorized security testing and research purposes only. Only use against systems you own or have explicit permission to test.

About

React2Shell but for AWS Lambda

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages