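POC details: 2389eae2fd42de7c72e299c155317e4113da168e

Source
Related vulnerability
Title: Next.js security vulnerability (CVE-2025-29927)
Description: Next.js is an open-source React framework from Vercel. Versions of Next.js before 14.2.25 and before 15.2.3 contain a security vulnerability: if the authorization check happens in middleware, the authorization check can be bypassed.
Introduction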

# 🔓 NextJS-CVE-2025-29927 - Vulnerable Demo Application

This is a vulnerable **Next.js application** that demonstrates **CVE-2025-29927**, a security flaw identified in web applications using Next.js with improper input handling or access control flaws.

The project uses a **MySQL** backend and JWT authentication and is designed for **educational and testing purposes** only, such as penetration testing labs, responsible disclosure demos, and security research.

The password for the test accounts in `users.csv` is "123456". The secret key for JWT authentication, `JWT_SECRET`, is stored in the file `.env.local` and has been shared in this public repo on purpose; it is not a JWT secret that is used in production. This simplifies deployment and testing.

You can also replace the JWT secret key with one you generated yourself, but the `.env` file must exist for JWT authentication to work.

> ⚠️ **Disclaimer**: This project is intentionally vulnerable. Do NOT deploy this in production environments. Use only in isolated or controlled setups for educational use.

---

## 📹 YouTube links: project setup and exploitation demo

1. Watch the full setup and demo guide on YouTube for how to set up this project:  
   ▶️ [https://www.youtube.com/watch?v=Akb3R34QnM8&t=482s]

2. Watch the full demo on YouTube of how the vulnerability is exploited:  
   ▶️ [https://www.youtube.com/watch?v=3OPWodc2lx4]



---

## 🛠️ Tech Stack

- [Next.js](https://nextjs.org/)
- [MySQL](https://www.mysql.com/)
- RESTful API with insecure endpoints
- CVE-2025-29927 vulnerability demo

---

## 🚀 Getting Started

### Prerequisites

- Node.js (v18 or newer recommended)
- MySQL Server (Can use MySQL Workbench Community Edition which is free)
- Git

### 1. Clone the repository

```bash
git clone https://github.com/enochgitgamefied/NextJS-CVE-2025-29927.git
cd NextJS-CVE-2025-29927
```

### 2. Install dependencies

```bash
npm install
```

### 3. Configure the database

Create a MySQL database and update the connection details in:

```bash
/database/index.js
```
The simplest setup is to use the CSV files shared in this repo to create the tables. All of the user accounts use the same password, "123456". Watch the YouTube video for full details and step-by-step instructions.

You can also use connection settings like the example below:
```js
const pool = mysql.createPool({
  host: 'localhost',
  user: 'root',
  password: 'yourpassword',
  database: 'cve_demo'
});
```

Then import the schema from `database/schema.sql` or run your own setup script.

### 4. Run the development server

```bash
npm run dev
```

Visit `http://localhost:3000` to view the app in your browser.

---

## 🐞 About the Vulnerability (CVE-2025-29927)

This application contains Next.js middleware that acts as a WAF (web application firewall) and a vulnerable version of Next.js, 13.4.9, that allows attackers to exploit vulnerabilities related to **authentication bypass**, **local file inclusion**, or **improper access control**. The goal is to help researchers understand how this CVE can be exploited and how to mitigate it.
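
Because the flaw lets a request bypass authorization that happens in middleware, upgrading Next.js should be paired with repeating the check inside the route handler itself. The following is an added example, not code from this repository: `verifyJwtHS256`, `adminHandler`, the Bearer header and the `role` claim are assumptions made for illustration.

```javascript
// Added example, not the demo repo's code. Names and claim layout are assumptions.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Helper used only to build constructed sample tokens for the demo below.
function signJwtHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the verified claims, or null for anything malformed, forged or expired.
function verifyJwtHS256(token, secret) {
  try {
    const [head, body, sig, extra] = String(token).split('.');
    if (!head || !body || !sig || extra !== undefined) return null;
    const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    if (!header || header.alg !== 'HS256') return null; // pin the algorithm
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (!claims || typeof claims.exp !== 'number') return null; // require an expiry
    return claims.exp * 1000 > Date.now() ? claims : null;
  } catch {
    return null; // bad base64 or JSON
  }
}

// Hypothetical admin route logic: it authorizes on its own and never assumes
// that middleware already ran for this request.
function adminHandler(headers, secret) {
  const match = /^Bearer (.+)$/.exec(headers.authorization || '');
  const claims = match && verifyJwtHS256(match[1], secret);
  if (!claims) return { status: 401, body: 'unauthenticated' };
  if (claims.role !== 'admin') return { status: 403, body: 'forbidden' };
  return { status: 200, body: `admin data for ${claims.sub}` };
}

// Constructed demo: a request that reached the handler without any middleware check.
const demoSecret = 'constructed-demo-secret';
const exp = Math.floor(Date.now() / 1000) + 300;
const userToken = signJwtHS256({ sub: 'bob', role: 'user', exp }, demoSecret);
console.log(adminHandler({}, demoSecret).status);                                        // 401
console.log(adminHandler({ authorization: `Bearer ${userToken}` }, demoSecret).status);  // 403
```

In a Next.js route file the same guard would run at the top of the exported handler, before any database access.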

---

## 📬 Blog Link

https://techtalkpine.com/2025/03/demo-for-cve-2025-29927-nextjs/


---

## 📄 License

This project is licensed under the [MIT License](LICENSE).


---

File snapshot

```
[4.0K] /data/pocs/2389eae2fd42de7c72e299c155317e4113da168e
├── [  77] jsconfig.json
├── [ 106] next.config.js
├── [ 797] package.json
├── [419K] package-lock.json
├── [  82] postcss.config.js
├── [4.0K] public
│   ├── [ 295] addresses.csv
│   ├── [  65] cart.csv
│   ├── [4.0K] images
│   │   ├── [ 26M] 01.png
│   │   ├── [ 30M] 02.png
│   │   ├── [ 33M] 03.png
│   │   └── [ 13M] 04.png
│   ├── [1.3K] next.svg
│   ├── [  40] order_items.csv
│   ├── [ 108] orders.csv
│   ├── [ 130] products.csv
│   ├── [  69] shipping_addresses.csv
│   ├── [ 992] users.csv
│   └── [ 629] vercel.svg
├── [3.5K] README.md
├── [4.0K] src
│   ├── [4.0K] app
│   │   ├── [4.0K] account
│   │   │   └── [8.3K] page.js
│   │   ├── [4.0K] admin
│   │   │   └── [ 244] page.js
│   │   ├── [4.0K] admin-view
│   │   │   ├── [4.0K] add-product
│   │   │   │   └── [2.3K] page.js
│   │   │   ├── [4.0K] all-products
│   │   │   │   └── [ 302] page.js
│   │   │   ├── [ 205] layout.js
│   │   │   └── [6.5K] page.js
│   │   ├── [4.0K] api
│   │   │   ├── [4.0K] address
│   │   │   │   ├── [4.0K] add-new-address
│   │   │   │   │   └── [1.9K] route.js
│   │   │   │   ├── [4.0K] delete-address
│   │   │   │   │   └── [1.2K] route.js
│   │   │   │   ├── [4.0K] get-all-address
│   │   │   │   │   └── [2.6K] route.js
│   │   │   │   └── [4.0K] update-address
│   │   │   │       └── [1.2K] route.js
│   │   │   ├── [4.0K] admin
│   │   │   │   ├── [4.0K] add-product
│   │   │   │   │   └── [3.7K] route.js
│   │   │   │   ├── [4.0K] all-products
│   │   │   │   │   └── [ 763] route.js
│   │   │   │   ├── [4.0K] delete-product
│   │   │   │   │   └── [1.2K] route.js
│   │   │   │   ├── [4.0K] orders
│   │   │   │   │   ├── [4.0K] get-all-orders
│   │   │   │   │   │   └── [1.1K] route.js
│   │   │   │   │   └── [4.0K] update-order
│   │   │   │   │       └── [1.4K] route.js
│   │   │   │   ├── [4.0K] product-by-category
│   │   │   │   │   └── [ 801] route.js
│   │   │   │   ├── [4.0K] product-by-id
│   │   │   │   │   └── [ 969] route.js
│   │   │   │   └── [4.0K] update-product
│   │   │   │       └── [1.5K] route.js
│   │   │   ├── [4.0K] cart
│   │   │   │   ├── [4.0K] add-to-cart
│   │   │   │   │   └── [1.9K] route.js
│   │   │   │   ├── [4.0K] all-cart-items
│   │   │   │   │   └── [1.2K] route.js
│   │   │   │   └── [4.0K] delete-from-cart
│   │   │   │       └── [1.2K] route.js
│   │   │   ├── [4.0K] login
│   │   │   │   └── [2.2K] route.js
│   │   │   ├── [4.0K] order
│   │   │   │   ├── [4.0K] create-order
│   │   │   │   │   └── [1.1K] route.js
│   │   │   │   ├── [4.0K] get-all-orders
│   │   │   │   │   └── [1.1K] route.js
│   │   │   │   └── [4.0K] order-details
│   │   │   │       └── [1.2K] route.js
│   │   │   ├── [4.0K] register
│   │   │   │   └── [1.8K] route.js
│   │   │   └── [4.0K] stripe
│   │   │       └── [1.1K] route.js
│   │   ├── [4.0K] cart
│   │   │   └── [2.5K] page.js
│   │   ├── [4.0K] checkout
│   │   │   └── [9.9K] page.js
│   │   ├── [4.0K] debug
│   │   │   └── [ 401] page.js
│   │   ├── [ 25K] favicon.ico
│   │   ├── [ 652] globals.css
│   │   ├── [ 595] layout.js
│   │   ├── [4.0K] login
│   │   │   └── [5.1K] page.js
│   │   ├── [1.8K] middleware.js
│   │   ├── [4.0K] orders
│   │   │   ├── [4.0K] [order-details]
│   │   │   │   └── [7.2K] page.js
│   │   │   └── [4.4K] page.js
│   │   ├── [7.0K] page.js
│   │   ├── [4.0K] product
│   │   │   ├── [4.0K] [details]
│   │   │   │   └── [ 360] page.js
│   │   │   └── [4.0K] listing
│   │   │       ├── [4.0K] all-products
│   │   │       │   └── [ 291] page.js
│   │   │       ├── [4.0K] kids
│   │   │       │   └── [ 297] page.js
│   │   │       ├── [4.0K] men
│   │   │       │   └── [ 295] page.js
│   │   │       └── [4.0K] women
│   │   │           └── [ 299] page.js
│   │   ├── [4.0K] register
│   │   │   └── [5.2K] page.js
│   │   └── [4.0K] unauthorized-page
│   │       └── [ 577] page.js
│   ├── [4.0K] assets
│   │   ├── [ 26M] 01.png
│   │   ├── [ 25M] 02.png
│   │   ├── [ 33M] 03.png
│   │   └── [ 10M] 04.png
│   ├── [4.0K] components
│   │   ├── [ 880] AdminProtector.js
│   │   ├── [4.0K] CartModal
│   │   │   └── [5.7K] index.js
│   │   ├── [4.0K] CommonCart
│   │   │   └── [5.7K] index.js
│   │   ├── [4.0K] CommonDetails
│   │   │   └── [5.3K] index.js
│   │   ├── [4.0K] CommonListing
│   │   │   ├── [1.0K] index.js
│   │   │   ├── [4.0K] ProductButtons
│   │   │   │   └── [3.3K] index.js
│   │   │   └── [4.0K] ProductTile
│   │   │       └── [1.5K] index.js
│   │   ├── [4.0K] CommonModal
│   │   │   └── [2.2K] index.js
│   │   ├── [4.0K] FormElements
│   │   │   ├── [4.0K] InputComponent
│   │   │   │   └── [ 610] index.js
│   │   │   ├── [4.0K] SelectComponent
│   │   │   │   └── [ 940] index.js
│   │   │   └── [4.0K] TileComponent
│   │   │       └── [ 930] index.js
│   │   ├── [4.0K] Loader
│   │   │   └── [4.0K] componentlevel
│   │   │       └── [ 362] index.js
│   │   ├── [4.0K] Navbar
│   │   │   └── [7.3K] index.js
│   │   └── [4.0K] Notification
│   │       └── [ 405] index.js
│   ├── [4.0K] context
│   │   └── [3.7K] index.js
│   ├── [4.0K] database
│   │   └── [ 751] index.js
│   ├── [4.0K] middleware
│   │   └── [ 975] AuthUser.js
│   ├── [1.8K] middleware.js
│   ├── [4.0K] models
│   │   ├── [2.4K] address.js
│   │   ├── [2.5K] cart.js
│   │   ├── [3.8K] order.js
│   │   ├── [2.7K] product.js
│   │   └── [1.4K] user.js
│   ├── [4.0K] services
│   │   ├── [4.0K] address
│   │   │   └── [2.7K] index.js
│   │   ├── [4.0K] cart
│   │   │   └── [1.1K] index.js
│   │   ├── [4.0K] login
│   │   │   └── [1.0K] index.js
│   │   ├── [4.0K] order
│   │   │   └── [1.8K] index.js
│   │   ├── [4.0K] product
│   │   │   └── [2.1K] index.js
│   │   ├── [4.0K] register
│   │   │   └── [ 372] index.js
│   │   └── [4.0K] stripe
│   │       └── [ 434] index.js
│   └── [4.0K] utils
│       ├── [ 313] cookies.js
│       └── [4.1K] index.js
└── [ 480] tailwind.config.js

81 directories, 101 files
```