{
"steps": [
{
"kind": "runner",
"tool": "nextjs.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/attack.json"
}
],
"success": true,
"detail": "server-side authorization recheck was bypassed",
"before": {
"status_code": 403,
"ok": false,
"body": {
"ok": false,
"detail": "admin boundary still enforced"
}
},
"attack": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "server-side authorization recheck was bypassed",
"case_id": "nextjs--CVE-2025-29927"
}
},
"after": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "server-side authorization recheck was bypassed",
"case_id": "nextjs--CVE-2025-29927"
}
},
"proof": {
"status_code": 200,
"ok": true,
"body": {
"success": true,
"detail": "server-side authorization recheck was bypassed",
"case_id": "nextjs--CVE-2025-29927",
"sink_hits": 0,
"uploads": [],
"events": [
{
"event": "seed",
"detail": "nextjs--CVE-2025-29927"
},
{
"event": "attack",
"detail": "server-side authorization recheck was bypassed"
}
]
}
},
"assertions": [
{
"name": "proof-success",
"kind": "runner-proof",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
}