hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动
文件
2175115eb89e974481730d016fe8b50327100b4a
websafe-kb/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/report.md

3.0 KiB
原始文件 Blame 文件历史

运行 nextjs-nextjs--CVE-2021-37699-20260318035628

LAB ONLY | AUTHORIZED TARGETS ONLY | 自动生成 run bundle

  • 漏洞条目: nextjs--CVE-2021-37699
  • 系统: nextjs
  • Repro Profile: nextjs-proxy-boundary
  • 实证状态: verified-real
  • 实证方式: real
  • Artifact 模式: local-fixture
  • 启动时间: 2026-03-18T03:56:28+00:00
  • 完成时间: 2026-03-18T03:56:35+00:00
  • 阻塞原因: -
  • Compose 服务: app

运行时间线

时间 步骤 状态 说明
2026-03-18T03:56:28+00:00 select-advisory completed nextjs--CVE-2021-37699
2026-03-18T03:56:28+00:00 resolve-repro-profile completed nextjs-proxy-boundary
2026-03-18T03:56:29+00:00 doctor completed all checks passed
2026-03-18T03:56:32+00:00 provision-compose-environment ready -
2026-03-18T03:56:32+00:00 wait-ready completed baseline urls ready (1)
2026-03-18T03:56:32+00:00 seed-environment completed steps=1
2026-03-18T03:56:32+00:00 baseline-snapshot completed urls=1
2026-03-18T03:56:33+00:00 browser-replay-before-attack completed -
2026-03-18T03:56:33+00:00 controlled-attack-chain completed steps=1
2026-03-18T03:56:34+00:00 browser-replay-after-attack completed -
2026-03-18T03:56:34+00:00 collect-logs-and-evidence completed container_logs=1
2026-03-18T03:56:35+00:00 cleanup-compose-environment completed docker compose down completed
2026-03-18T03:56:35+00:00 update-registry-and-reports completed nextjs-nextjs--CVE-2021-37699-20260318035628

Compose 拓扑

  • Compose 文件: /Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/compose/compose.yaml
  • 服务列表: app

攻击步骤

工具/步骤 状态 结果
nextjs.proxy-boundary completed /Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/attack.json

证据摘要

  • Baseline: 1
  • 攻击步骤: 1
  • 浏览器证据: 10
  • 容器日志: 1
  • 请求日志: 2

浏览器截图

baseline proof

浏览器证据

  • assets/baseline.png
  • assets/baseline-dom.html
  • logs/baseline-console.json
  • logs/baseline-network.json
  • logs/baseline-page.json
  • assets/proof.png
  • assets/proof-dom.html
  • logs/proof-console.json
  • logs/proof-network.json
  • logs/proof-page.json

容器日志

  • logs/docker/app.log

请求与基线日志

  • logs/attack.json
  • logs/baseline.json

最小化验证说明

  • 仅限自有资产、本地靶场或已授权实验目标。
  • 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
  • 若浏览器证据缺失,前端类案例不会被标为 verified-*
在新工单中引用 查看 Git Blame 复制永久链接