$170k in Bypasses The Vercel React2Shell Challenge #2204
Open
carlospolop wants to merge 1 commit into master from
🔗 Additional Context
Original Blog Post: https://www.hacktron.ai/blog/react2shell-vercel-waf-bypass
Content Categories: Based on the analysis, this content was categorized under "Pentesting Web -> Proxy / WAF Protections Bypass, with cross-links to HTTP Request Smuggling / HTTP parser differentials and File Upload / multipart-form parsing quirks".
Repository Maintenance:
Review Notes:
Bot Version: HackTricks News Bot v1.0
🤖 Automated Content Update
This PR was automatically generated by the HackTricks News Bot based on a technical blog post.
📝 Source Information
🎯 Content Summary
Hacktron’s post explains how its researchers repeatedly bypassed Vercel’s emergency WAF protections for React2Shell, a pre-authentication remote code execution bug in React Server Functions tracked as CVE-2025-55182. The underlying bug affected Next.js 15.x–16.0.6 and other React/RSC ecosystems including react-router, Waku, `@parcel/rsc`, `@vitejs/plugin-rsc`, and `rwsdk`. The security impact is critical because one crafted server request can be enough to obtain server-side code execution.<...
🔧 Technical Details
A general WAF-bypass technique for parser-driven vulnerabilities is to hunt for grammar un-equivalence between the security layer and the real backend parser. Compare how each side interprets top-level `Content-Type`, duplicate parameters, duplicate headers, multipart boundaries, `Content-Disposition`, per-part metadata, charsets, malformed bytes, and termination markers. If the WAF and backend disagree about which bytes are headers, which bytes are body content, where the multipart body starts or ends, or how strings are decoded, the WAF may inspect a harmless interpretation while the backend reconstructs the real exploit.
Duplicate parameter ambiguity is a powerful bypass class. If a request contains multiple instances of a parameter such as `boundary=` in `Content-Type`, one parser may use the first occurrence while another uses the last. An attacker can then build the multipart body for one boundary while the WAF scans using another, causing the WAF to ignore the ac...
🤖 Agent Actions
I’m mapping the existing HackTricks structure first, then I’ll read the likely WAF, HTTP parsing, multipart, and upload pages to avoid duplicating existing material and pick a single file.
The repo is broad, so I’m narrowing to existing pages that already discuss parser differential and upload/body parsing behavior. I want one file that matches the technique instead of scattering the same idea across multiple pages.
I found three plausible homes: the WAF bypass page, request smuggling, and file upload. Next I’m checking how each one ends and whether React2Shell transport tricks are already covered so I can keep this as a single-file change.
I’ve picked the WAF bypass page as the right target. The React2Shell gadget chain is already documented elsewhere; the genuinely new material here is the multipart/parser differential workflow and concrete WAF bypass classes.
I’ve got the exact change scoped: a new multipart/parser-differential WAF-bypass section in `src/pentesting-web/proxy-waf-protections-bypass.md`, with concise exploit classes, a tester workflow, and cross-links to request smuggling and file upload.
The patch is in. I’m validating the rendered shape now: checking the final section placement, the internal link targets, and that the change stayed confined to a single file with updated references.
Updated proxy-waf-protections-bypass.md with a new multipart/parser-differential WAF-bypass section. I kept it focused on the new transport-layer technique from the blog instead of duplicating the existing React2Shell vulnerability coverage, and added the relevant parser mismatch classes: duplicate `boundary=` precedence, fail-open parse errors, per-part charset decoding (utf16le/ucs2), duplicate multipart `Content-Type` headers, malformed closing boundary handling, and a short testing workflow. It also includes internal cross-links to the request smuggling and file upload pages.
I updated the file’s `## References` section with the Hacktron blog and the busboy charset source, verified both internal link targets exist, and confirmed the worktree only contains this single intended file change. I didn’t run a full docs build.
This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
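An added example, not part of the PR or the Hacktron post: the mismatch classes listed above all come down to a request that admits more than one reading, so a security layer can enumerate those readings and refuse the request instead of picking one. The function names, finding labels, wide-charset policy and sample requests are constructed for illustration, and the parameter grammar is simplified.

```python
import re

# Simplified parameter grammar (an assumption of this example): ;name=value or ;name="value"
PARAM_RE = re.compile(r';\s*([^=;\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')
# Per-part charsets this example treats as needing explicit decoding before inspection.
WIDE_CHARSETS = {"utf16le", "utf-16le", "ucs2", "ucs-2"}

def params(value):
    """Every (name, value) parameter in order of appearance, duplicates kept."""
    return [(n.lower(), v.strip().strip('"')) for n, v in PARAM_RE.findall(value)]

def audit_multipart(headers, body):
    """List the ways two parsers could read this request differently."""
    findings = []
    ctypes = [v for n, v in headers if n.lower() == "content-type"]
    if len(ctypes) != 1:
        findings.append(f"content-type-headers={len(ctypes)}")
    boundaries = [v for ct in ctypes for n, v in params(ct) if n == "boundary"]
    if len(boundaries) != 1:
        findings.append(f"boundary-params={len(boundaries)}")
    for b in dict.fromkeys(boundaries):  # check the body under each candidate
        delim = b"--" + b.encode("latin-1")
        if delim + b"--" not in body:
            findings.append(f"no-closing-delimiter:{b}")
        for part in body.split(delim)[1:]:
            head = part.partition(b"\r\n\r\n")[0].decode("latin-1")
            part_cts = [h for h in head.split("\r\n")
                        if h.lower().startswith("content-type:")]
            if len(part_cts) > 1:
                findings.append(f"part-content-type-headers={len(part_cts)}")
            for n, v in (p for ct in part_cts for p in params(ct)):
                if n == "charset" and v.lower() in WIDE_CHARSETS:
                    findings.append(f"part-charset={v.lower()}")
    return findings

def verdict(headers, body):
    """Fail closed: any ambiguity blocks the request instead of skipping inspection."""
    return "block" if audit_multipart(headers, body) else "inspect"

# Constructed sample requests carrying a harmless field value.
BODY = (b"--bbb\r\nContent-Disposition: form-data; name=\"note\"\r\n"
        b"Content-Type: text/plain; charset=utf16le\r\n\r\nhi\r\n--bbb--\r\n")
CLEAN = [("Content-Type", "multipart/form-data; boundary=bbb")]
AMBIGUOUS = [("Content-Type", "multipart/form-data; boundary=aaa; boundary=bbb")]

if __name__ == "__main__":
    print(audit_multipart(AMBIGUOUS, BODY))
    print(verdict(CLEAN, BODY.replace(b"; charset=utf16le", b"")))
```

The `no-closing-delimiter:aaa` finding is the visible sign that a first-occurrence parser sees no parts at all in a body that a last-occurrence parser reads in full.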