2.5 KiB
2.5 KiB
运行 nextjs-nextjs--CVE-2024-34351-20260318012953
LAB ONLY|AUTHORIZED TARGETS ONLY| 自动生成 run bundle
- 漏洞条目:
nextjs--CVE-2024-34351 - 系统:
nextjs - Repro Profile:
nextjs-ssrf - 实证状态:
verified-real - 实证方式:
real - Artifact 模式:
local-fixture - 启动时间:
2026-03-18T01:29:53+00:00 - 完成时间:
2026-03-18T01:29:57+00:00 - 阻塞原因:
- - Compose 服务:
app
运行时间线
- Mermaid: timeline.mmd
| 时间 | 步骤 | 状态 | 说明 |
|---|---|---|---|
2026-03-18T01:29:53+00:00 |
select-advisory |
completed |
nextjs--CVE-2024-34351 |
2026-03-18T01:29:53+00:00 |
resolve-repro-profile |
completed |
nextjs-ssrf |
2026-03-18T01:29:53+00:00 |
doctor |
completed |
all checks passed |
2026-03-18T01:29:56+00:00 |
provision-compose-environment |
ready |
- |
2026-03-18T01:29:56+00:00 |
wait-ready |
completed |
baseline urls ready (1) |
2026-03-18T01:29:56+00:00 |
seed-environment |
completed |
steps=1 |
2026-03-18T01:29:56+00:00 |
baseline-snapshot |
completed |
urls=1 |
2026-03-18T01:29:56+00:00 |
controlled-attack-chain |
completed |
steps=1 |
2026-03-18T01:29:56+00:00 |
collect-logs-and-evidence |
completed |
container_logs=1 |
2026-03-18T01:29:57+00:00 |
cleanup-compose-environment |
completed |
docker compose down completed |
2026-03-18T01:29:57+00:00 |
update-registry-and-reports |
completed |
nextjs-nextjs--CVE-2024-34351-20260318012953 |
Compose 拓扑
- Compose 文件:
/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml - 服务列表:
app
攻击步骤
| 工具/步骤 | 状态 | 结果 |
|---|---|---|
nextjs.ssrf |
completed |
/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json |
证据摘要
- Baseline:
1 - 攻击步骤:
1 - 浏览器证据:
0 - 容器日志:
1 - 请求日志:
2
容器日志
logs/docker/app.log
请求与基线日志
logs/attack.jsonlogs/baseline.json
最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为
verified-*。