REACT SERVER COMPONENTS RCE SCANNER

WARNING
  • Only scan systems you own or have explicit permission to test
  • Unauthorized scanning may be illegal
  • Default scan executes code on vulnerable targets
  • Use Safe Side-Channel Detection if you don't want code execution

SCAN TYPE DESCRIPTIONS

Default RCE Check
Sends a crafted multipart POST request carrying an RCE PoC payload that executes a deterministic math operation. Vulnerable hosts return the result in a response header.

Safe Side-Channel Detection
Identifies vulnerable hosts from side-channel indicators (a 500 status with a specific error digest) without executing code. Recommended when code execution on the target is not desired.

WAF Bypass Mode
Prepends random junk data to the request body to evade WAF content inspection.

Vercel WAF Bypass
A payload variant designed for Vercel WAF protections, using an alternative multipart structure.

Windows Target
Switches the payload from Unix shell to PowerShell for Windows servers.

CVE-2025-55182 & CVE-2025-66478
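
Defender-side check for the request shape WAF Bypass Mode produces, added here as an example and not part of the scanner: it reports multipart form fields that begin beyond the bytes a WAF inspects. It assumes the junk sits ahead of the real fields and that inspection stops after INSPECTION_WINDOW bytes; the window size, all function names and the build_body sample generator are hypothetical.

```python
import re

INSPECTION_WINDOW = 8192  # assumption: bytes of request body the WAF inspects

def parse_boundary(content_type):
    """Extract the multipart boundary from a Content-Type header value."""
    m = re.search(r'boundary=(?:"([^"]+)"|([^;\s]+))', content_type, re.I)
    return (m.group(1) or m.group(2)).encode("latin-1") if m else None

def uninspected_parts(content_type, body, window=INSPECTION_WINDOW):
    """Return (preamble_len, [(field_name, offset), ...]) for every part that
    starts at or beyond `window`; None if the request is not multipart."""
    boundary = parse_boundary(content_type)
    if boundary is None:
        return None
    delim = b"--" + boundary
    pos = first = body.find(delim)
    if first == -1:
        return len(body), []              # no delimiter: whole body is preamble
    hidden = []
    while pos != -1:
        start = pos + len(delim)
        if body[start:start + 2] == b"--":    # closing delimiter
            break
        head_end = body.find(b"\r\n\r\n", start)
        if head_end == -1:                     # truncated part headers
            break
        m = re.search(rb'name="([^"]*)"', body[start:head_end])
        if pos >= window:                      # part begins outside the window
            hidden.append((m.group(1).decode("latin-1") if m else "", pos))
        nxt = body.find(b"\r\n" + delim, head_end)
        pos = nxt + 2 if nxt != -1 else -1
    return first, hidden

def should_flag(content_type, body, window=INSPECTION_WINDOW):
    """True when padding pushes any form field out of the inspected window."""
    result = uninspected_parts(content_type, body, window)
    return bool(result) and (result[0] >= window or bool(result[1]))

def build_body(boundary, fields, preamble=b""):
    """Constructed sample input: assemble a multipart/form-data body."""
    out = preamble
    for name, value in fields:
        out += (b"--" + boundary + b'\r\nContent-Disposition: form-data; name="'
                + name + b'"\r\n\r\n' + value + b"\r\n")
    return out + b"--" + boundary + b"--\r\n"
```

Requests that should_flag marks are candidates for blocking or for full-body inspection, since the fields it lists were never seen by the WAF.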