PoC details: 1464a52bb9068551256a185c08a7feaa0cce6b7f

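Source
Related vulnerability
Title: Next.js security vulnerability (CVE-2025-29927)
Description: Next.js is a React framework open-sourced by Vercel. Next.js versions before 14.2.25 and before 15.2.3 contain a security vulnerability: if the authorization check takes place in middleware, the authorization check can be bypassed.
Introduction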
# Man-in-the-middle

This application is named Man-in-the-middle because it contains a vulnerability in Next.js middleware, and the flag is in the API call.
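The weakness described above comes from authorization that is enforced only in middleware. As an added example (not code from this repository), here is an API route that verifies the session JWT and role inside the handler, so access does not rest on middleware alone. The cookie name `token`, the `role` claim, the demo secret and the route body are assumptions.

```javascript
// Added example: the authorization check lives in the API handler itself,
// so the response does not depend on middleware having run.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Minimal HS256 signer, used only to build the constructed demo tokens.
function signJwt(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Check structure, algorithm, signature and expiry; return claims or null.
function verifyJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (header.alg !== 'HS256') return null; // refuse "none" and other algorithms
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Wrap a pages-router API handler (req, res) with its own role check.
// Assumptions: cookie name "token", claim name "role".
function requireRole(role, secret, handler) {
  return (req, res) => {
    const claims = verifyJwt(req.cookies && req.cookies.token, secret);
    if (!claims) return res.status(401).json({ error: 'unauthenticated' });
    if (claims.role !== role) return res.status(403).json({ error: 'forbidden' });
    return handler(req, res, claims);
  };
}

// Hypothetical protected route; in a real app the secret comes from JWT_SECRET.
const DEMO_SECRET = 'constructed-demo-secret';
const adminRoute = requireRole('admin', DEMO_SECRET, (req, res, claims) =>
  res.status(200).json({ ok: true, user: claims.sub }));
```

With the check in the handler, a request that reaches the route without passing through middleware still gets a 401 or 403. Upgrading to a fixed Next.js release remains the primary fix.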

---

## 🚀 Production Setup

### 1. `.env.production`

```env
DATABASE_URL=postgresql://postgres:password@db:5432/nextauth
JWT_SECRET=your-production-secret
```

### 2. Build and Start

```bash
docker compose up --build -d
```

---

## 🛠️ Development Setup

### 1. Clone the Repository

```bash
git clone <your-repo-url>
cd <your-project-folder>
```

### 2. Install Dependencies

```bash
npm install
```

### 3. Set Up PostgreSQL (Development)

Create a separate `docker-compose.dev.yml` for dev:

```yaml
version: "3.8"

services:
  db:
    image: postgres:16
    restart: always
    environment:
      POSTGRES_USER: devuser
      POSTGRES_PASSWORD: devpass
      POSTGRES_DB: devdb
    volumes:
      - devdata:/var/lib/postgresql/data
    ports:
      - "5433:5432"

volumes:
  devdata:
```

Then run it:

```bash
docker compose -f docker-compose.dev.yml up -d
```

### 4. Create `.env`

```env
DATABASE_URL=postgresql://devuser:devpass@localhost:5433/devdb
JWT_SECRET=dev-secret
```

### 5. Prisma Setup

```bash
npx prisma generate
npx prisma migrate dev --name init
npx tsx prisma/seed.ts
```

### 6. Start Dev Server

```bash
npm run dev
```

App: [http://localhost:3000](http://localhost:3000)

---

## 🧪 Testing

You can test login with the seeded admin user:

```
email: administrator@orion.xyz
password: adminSup3rS3cur3P@ssw0rd
```
File snapshot

```
[4.0K] /data/pocs/1464a52bb9068551256a185c08a7feaa0cce6b7f
├── [4.0K] components
│   ├── [2.3K] AuthForm.tsx
│   └── [1.3K] Navbar.tsx
├── [ 288] docker-compose.dev.yml
├── [ 618] docker-compose.yml
├── [ 223] docker-entrypoint.sh
├── [ 384] Dockerfile
├── [4.0K] hooks
│   └── [ 845] useUser.ts
├── [4.0K] lib
│   ├── [ 308] prisma.ts
│   └── [ 509] useAuth.ts
├── [1.5K] middleware.ts
├── [ 149] next.config.js
├── [ 213] next-env.d.ts
├── [ 864] package.json
├── [4.0K] pages
│   ├── [4.0K] api
│   │   └── [4.0K] auth
│   │       ├── [ 610] flag-is-here.ts
│   │       ├── [ 851] login.ts
│   │       ├── [ 335] logout.ts
│   │       ├── [ 445] me.ts
│   │       └── [ 596] register.ts
│   ├── [ 348] _app.tsx
│   ├── [ 602] dashboard.tsx
│   ├── [2.3K] index.tsx
│   ├── [ 908] login.tsx
│   ├── [ 930] register.tsx
│   └── [ 881] unauthorized.tsx
├── [ 48K] pnpm-lock.yaml
├── [ 93] postcss.config.mjs
├── [4.0K] prisma
│   ├── [4.0K] migrations
│   │   ├── [4.0K] 20250730115250_init
│   │   │   └── [ 302] migration.sql
│   │   └── [ 128] migration_lock.toml
│   ├── [ 274] schema.prisma
│   └── [ 693] seed.ts
├── [1.5K] README.md
├── [4.0K] styles
│   └── [ 23] globals.css
└── [ 718] tsconfig.json

10 directories, 33 files
```