Update app.py
app.py
CHANGED
|
@@ -281,6 +281,12 @@ Use the checkboxes below to configure a specific single test.
|
|
| 281 |
* **Windows Mode:** Uses PowerShell payload (`powershell -c ...`).
|
| 282 |
* **Generic WAF Bypass:** Pads the request with junk data (128KB).
|
| 283 |
* **Vercel WAF Bypass:** Uses a specific multipart structure.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 284 |
"""
|
| 285 |
|
| 286 |
with gr.Blocks(title="React2Shell Scanner") as demo:
|
|
|
|
| 281 |
* **Windows Mode:** Uses PowerShell payload (`powershell -c ...`).
|
| 282 |
* **Generic WAF Bypass:** Pads the request with junk data (128KB).
|
| 283 |
* **Vercel WAF Bypass:** Uses a specific multipart structure.
|
| 284 |
+
|
| 285 |
+
### 🛣️ Custom Path (When to use it)
|
| 286 |
+
Required if the root URL (`/`) is static or fails to trigger the exploit.
|
| 287 |
+
* **Sub-directories:** If the app lives at `/dashboard`, `/app`, or `/portal`.
|
| 288 |
+
* **Dynamic Routes:** If the homepage is static, try pages with forms/logic like `/login`, `/auth`, or `/search`.
|
| 289 |
+
* **Internals:** Direct targeting of `/_next` or `/api` can sometimes bypass caching.
|
| 290 |
"""
|
| 291 |
|
| 292 |
with gr.Blocks(title="React2Shell Scanner") as demo:
|
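Review bot: The new "Custom Path" help text (new lines 285-289) says when to set the field but not what form of input it accepts, and nothing in this hunk shows the value being validated or normalized. State the expected form in the text, for example a path beginning with `/` and carrying no scheme or host, and have the handler reject anything else, so that a pasted full URL cannot send the request to a host other than the one entered as the target. The opening line also says the field is "Required", while the bullets under it are worded as things to try; "Set this when the root URL (`/`) is static" would match them better.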