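Associated vulnerability
Title: Next.js security vulnerability (CVE-2024-46982)
Description: Next.js is a React framework open-sourced by Vercel. Next.js versions from 13.5.1 up to, but not including, 14.2.10 contain a security vulnerability. By sending a crafted HTTP request, an attacker can exploit it to poison the cache of a non-dynamic server-side rendered route in the pages router.
Description
POC CVE-2024-46982
Introduction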
# Next.js Cache Poisoning Exploit
This Go script demonstrates a cache poisoning exploit targeting Next.js `_next/image` endpoints by manipulating cache keys and injecting attacker-controlled URLs.
## Features
- Copies a source image file multiple times.
- Generates crafted URLs pointing to an attacker's server.
- Automates sending requests to the vulnerable target endpoint.
- Cleans up temporary files after each iteration.
- Configurable via command-line options.
## Requirements
- Go 1.21 or newer.
- A publicly accessible server (e.g., using `ngrok`).
## Usage
Run the script with the following options:
```bash
go run main.go -s <source-image> -a <attacker-url> -t <target-url> -n <num-copies> -d <delay>
```
## Example
```bash
go run main.go -h
Usage: exploit [OPTIONS]
Options:
-s, --source-image Path to the source image file
-a, --attacker-url Base URL of the attacker's server (required)
-f, --file Path to the file containing target URLs (one per line)
-n, --num-copies Number of image copies to create and upload (default: 5)
-d, --delay Delay between requests in seconds (default: 60)
-h, --help Show this help message and exit
Example:
go run exploit.go -s chillguy.jpg -a http://attacker-ngrok-url -t https://victim-url.com -n 10 -d 30
```
File snapshot
[4.0K] /data/pocs/c3557d0f851b6ee178e3e761d25b65313c2f7b55
├── [ 80K] chill.jpg
├── [ 36] go.mod
├── [3.9K] main.go
└── [1.3K] README.md
0 directories, 4 files
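A defensive check for the affected range given in the description at the top of this page (13.5.1 up to, but not including, 14.2.10), added here as an example and not part of the PoC repository: it reads the pinned `next` version from an npm `package-lock.json` and reports whether it falls in that range. The function names and the sample lockfile are constructed for illustration, and the npm v2/v3 `packages` lockfile layout is assumed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed npm lockfile fragment (v2/v3 "packages" layout); not from the page.
const sampleLock = `{"packages":{"":{"name":"shop"},"node_modules/next":{"version":"14.2.5"}}}`

// LockedNextVersion returns the exact next version pinned in a package-lock.json ("" if absent).
func LockedNextVersion(lock []byte) (string, error) {
	var doc struct {
		Packages map[string]struct{ Version string } `json:"packages"`
	}
	if err := json.Unmarshal(lock, &doc); err != nil {
		return "", err
	}
	return doc.Packages["node_modules/next"].Version, nil
}

// compare orders two major.minor.patch triples: negative, zero or positive.
func compare(a, b [3]int) int {
	for i := range a {
		if a[i] != b[i] {
			return a[i] - b[i]
		}
	}
	return 0
}

// Affected reports whether an exact version is >= 13.5.1 and < 14.2.10 (the page's range).
func Affected(version string) (bool, error) {
	v, _, _ := strings.Cut(strings.TrimPrefix(strings.TrimSpace(version), "v"), "+")
	v, _, pre := strings.Cut(v, "-") // pre: a prerelease tag such as -canary.1 was present
	var c [3]int
	if n, _ := fmt.Sscanf(v, "%d.%d.%d", &c[0], &c[1], &c[2]); n != 3 {
		return false, fmt.Errorf("not an exact version: %q", version)
	}
	lo, hi := compare(c, [3]int{13, 5, 1}), compare(c, [3]int{14, 2, 10})
	// A prerelease sorts before its release, so 14.2.10-canary.1 is still below the fix.
	return (lo > 0 || (lo == 0 && !pre)) && (hi < 0 || (hi == 0 && pre)), nil
}

func main() {
	v, err := LockedNextVersion([]byte(sampleLock))
	hit, err2 := Affected(v)
	fmt.Println(v, hit, err, err2)
}
```

Ranges such as `^14.2.5` from `package.json` are rejected on purpose: only the resolved version in the lockfile or in `node_modules/next/package.json` says what is actually deployed.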