POC详情: 50449d61a692897166e2269dba9c74137fd03d57

来源
https://github.com/fahimalshihab/NextBypass
关联漏洞
标题: Next.js 安全漏洞 (CVE-2025-29927)
描述:Next.js是Vercel开源的一个 React 框架。 Next.js 14.2.25之前版本和15.2.3之前版本存在安全漏洞,该漏洞源于如果授权检查发生在中间件中,可能绕过授权检查。
描述
Next.js Middleware Authorization Bypass Tool (CVE-2025-29927)
介绍
# NextBypass 🚨
**Next.js Middleware Authorization Bypass Tool (CVE-2025-29927)**

[![asciicast](https://asciinema.org/a/uyDuYrRBj2r8gqN1u6oDvsEVU.svg)](https://asciinema.org/a/uyDuYrRBj2r8gqN1u6oDvsEVU)
## Features
- Exploit CVE-2025-29927 via `x-middleware-subrequest` header  
- Auto-browser integration (Proxy/Bookmarklet)  
- Vulnerability scanning & log analysis  
- Network traffic monitoring  

## Installation
```bash
git clone https://github.com/your-username/NextBypass.git
cd NextBypass
chmod +x NextBypass
```

## Usage
```bash
./NextBypass  # Interactive menu
```

## Options
| Option | Description                          |
|--------|--------------------------------------|
| 1      | Terminal exploit                     |
| 2      | Browser exploit (Proxy/Bookmarklet)  |
| 3      | Vulnerability checker                |
| 4      | Scan logs for attacks                |
| 5      | Monitor network traffic (Root)       |

## Legal
- **Educational use only**  
- **Not responsible for misuse**  
- **Upgrade Next.js to patched versions**  

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
文件快照

 [4.0K]  /data/pocs/50449d61a692897166e2269dba9c74137fd03d57
├── [1.0K]  LICENSE
└── [1.1K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。