unknownhad/patch-to-exploit

patch-to-exploit

Lab + PoC scripts for "30 minutes from patch to exploit".

Five CVEs. Five exploits derived from public patch diffs. Slowest took 30 minutes. Fastest took two.

| CVE | Target | Bug | Severity | PoC |
|---|---|---|---|---|
| CVE-2026-44578 | Next.js | SSRF via WebSocket upgrade | High 8.6 | pocs/01-nextjs-ssrf.py |
| CVE-2026-44579 | Next.js | DoS via Next-Resume header | High 7.5 | pocs/03-nextjs-cache-dos.sh |
| CVE-2026-44577 | Next.js | Image optimizer OOM | Moderate 5.9 | pocs/02-nextjs-image-dos.sh |
| CVE-2026-44574 | Next.js | Middleware auth bypass | High 8.1 | Analysis only (see blog) |
| CVE-2026-9082 | Drupal | SQL injection (core) | Critical 9.8 | pocs/04-drupal-sqli.py |

setup

cd labs
bash setup.sh          # creates test files + builds images
docker compose up -d   # starts everything

What runs:

  • localhost:3000 Next.js 15.5.15 (vulnerable)
  • localhost:8080 Drupal 11.2.11 (vulnerable: needs install wizard)
  • internal-service:8888 canary (Docker-internal only: SSRF target)

Drupal one-time setup: visit localhost:8080, complete the wizard. DB: drupal/drupal/drupal, host: drupal-db.

run

python3 pocs/01-nextjs-ssrf.py                          # SSRF
bash pocs/02-nextjs-image-dos.sh 127.0.0.1 3000         # Image DoS
bash pocs/03-nextjs-cache-dos.sh 127.0.0.1 3000         # Cache DoS
python3 pocs/04-drupal-sqli.py --host 127.0.0.1 --port 8080  # SQLi

cleanup

cd labs && docker compose down -v

About

lab + PoCs for 5 CVEs (Next.js + Drupal)
