Debugging React2Shell (CVE-2025-55182)

Introduction

React2Shell is a vulnerability in React Server Components that gives an attacker unauthenticated remote code execution on a remote server. This vulnerability has a CVSS score of 10.0 💀. If you are curious like me and want to know what happens in the backend code that causes this remote code execution, this blog is for you. Before diving into the code, let's start with some basics.

What are React Server Components?

React Server Components (RSC) are a React feature used in React frameworks like Next.js. They are used to segregate client-side and server-side rendered components. Static or non-interactive parts of the website are rendered on the server side and sent to the user in the HTTP response. Interactive elements like buttons or links are rendered only on the client side. This makes the website respond faster for users. ...

May 6, 2025 · 7 min