63 行
5.0 KiB
HTML
63 行
5.0 KiB
HTML
<!doctype html>
|
|
<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
|
|
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
|
|
</head><body>
|
|
<h1>运行 nextjs-nextjs--CVE-2025-30218-20260318035721</h1>
|
|
<div class='grid'>
|
|
<div class='card'><strong>漏洞条目</strong><br><code>nextjs--CVE-2025-30218</code></div>
|
|
<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
|
|
<div class='card'><strong>复现 Profile</strong><br><code>nextjs-proxy-boundary</code></div>
|
|
<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
|
|
</div>
|
|
<h2>Mermaid 时间线</h2>
|
|
<pre>flowchart LR
|
|
A["选择 Advisory"] --> B["解析 Repro Profile"]
|
|
B --> C["生成 Compose 环境"]
|
|
C --> D["采集基线快照"]
|
|
D --> E["执行受控攻击步骤"]
|
|
E --> F["浏览器回放验证"]
|
|
F --> G["收集日志与证据"]
|
|
G --> H["回写 Registry 与报告"]</pre>
|
|
<h2>运行时间线</h2>
|
|
<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
|
|
<tr><td><code>2026-03-18T03:57:21+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>nextjs--CVE-2025-30218</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:21+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>nextjs-proxy-boundary</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:21+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:24+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:24+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:24+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:24+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:25+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>completed</code></td><td>-</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:25+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:26+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>completed</code></td><td>-</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:26+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:27+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
|
|
<tr><td><code>2026-03-18T03:57:27+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>nextjs-nextjs--CVE-2025-30218-20260318035721</td></tr>
|
|
</tbody></table>
|
|
<h2>攻击步骤</h2>
|
|
<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
|
|
<tr><td><code>nextjs.proxy-boundary</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/attack.json</code></td></tr>
|
|
</tbody></table>
|
|
<h2>浏览器截图</h2>
|
|
<div class='gallery'>
|
|
<figure><img src='assets/baseline.png' alt='baseline'><figcaption><code>assets/baseline.png</code></figcaption></figure>
|
|
<figure><img src='assets/proof.png' alt='proof'><figcaption><code>assets/proof.png</code></figcaption></figure>
|
|
</div>
|
|
<h2>证据清单</h2><ul>
|
|
<li><code>compose/compose.yaml</code></li>
|
|
<li><code>assets/baseline.png</code></li>
|
|
<li><code>assets/baseline-dom.html</code></li>
|
|
<li><code>logs/baseline-console.json</code></li>
|
|
<li><code>logs/baseline-network.json</code></li>
|
|
<li><code>logs/baseline-page.json</code></li>
|
|
<li><code>assets/proof.png</code></li>
|
|
<li><code>assets/proof-dom.html</code></li>
|
|
<li><code>logs/proof-console.json</code></li>
|
|
<li><code>logs/proof-network.json</code></li>
|
|
<li><code>logs/proof-page.json</code></li>
|
|
<li><code>logs/docker/app.log</code></li>
|
|
<li><code>logs/attack.json</code></li>
|
|
<li><code>logs/baseline.json</code></li>
|
|
</ul>
|
|
</body></html>
|