```
metadata:
    language: v2-beta
    name: "CVE-2025-29927 - Next.js middleware bypass"
    description: "Checks for differences in responses when using different x-middleware-subrequest header paths"
    author: "Chris Grieger - blueredix.com"
    tags: "next.js", "middleware"

run for each:
    middleware_value = "pages/_middleware",
                       "middleware",
```
```json
{
  "Name": "Block_CVE-2025-29927",
  "Priority": 0,
  "Action": {
    "Block": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "Block_CVE-2025-29927"
```
```javascript
module.exports = class Foo {
  constructor() {
    console.log('foo');
  }
}
```
```go
package main

import (
	"io"
	"log"
	"net"
)

func EchoServer(addr string, done chan struct{}) net.Listener {
	listener, err := net.Listen("tcp", addr)
```
```markdown
Use Case 1: (Target) Title (Type)
=================================

**Primary Actor**: User

**Scope**: Software system

**Level**: Summary / User Goal

Main success scenario:
----------------------

1. ...
2. ...
```
```javascript
'use strict';
var status = "Embedding Gists works perfectly.";
console.log(status);
```
```java
package svv;

import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;

import static org.mockito.Mockito.*;
```
```java
package svv;

import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
```
```java
/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package de.grieger.ws11_mockito;

import java.io.Reader;
import java.util.Map;
```