Introduction
# Vulnerable Next.js App for Pentesting Practice
This is a Next.js application intentionally designed to be vulnerable to CVE-2025-29927: The Next.js Middleware Authorization Bypass Vulnerability.
## ⚠️ Disclaimer
**This application is for educational and ethical hacking purposes only.** Do not deploy it to a production environment. The vulnerabilities are intentional and are meant to be used for security testing and practice.
## Vulnerability Details
- **CVE ID:** CVE-2025-29927
- **Description:** The Next.js Middleware Authorization Bypass Vulnerability allows unauthenticated users to access protected routes.
- **Affected Versions:** Next.js 13.x
## Getting Started
First, run the development server:
```bash
npm run dev
# or
yarn dev
# or
pnpm dev
# or
bun dev
```
Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.
File snapshot
```
[4.0K] /data/pocs/e612d0f3793c17de8b77724369d889bcb93fcc7e
├── [4.0K] app
│   ├── [4.0K] admin
│   │   └── [3.1K] page.tsx
│   ├── [4.0K] api
│   │   └── [4.0K] items
│   │       └── [1.6K] route.ts
│   ├── [4.0K] auth
│   │   └── [4.0K] signin
│   │       └── [1.7K] page.tsx
│   ├── [ 25K] favicon.ico
│   ├── [ 128] globals.css
│   ├── [ 717] layout.tsx
│   └── [1.7K] page.tsx
├── [ 93K] bun.lock
├── [4.0K] data
│   └── [ 316] data.json
├── [  41] envexample
├── [ 454] middleware.ts
├── [  92] next.config.mjs
├── [ 201] next-env.d.ts
├── [ 548] package.json
├── [121K] package-lock.json
├── [ 137] postcss.config.cjs
├── [4.0K] public
│   ├── [1.3K] next.svg
│   └── [ 629] vercel.svg
├── [ 880] README.md
├── [  35] rq
├── [ 498] tailwind.config.ts
└── [ 574] tsconfig.json

8 directories, 22 files
```