[web][Pro][medium]
Lab 248 — PulseBoard — Next.js Middleware Authorization Bypass
hackadvisor
Task: Next.js team analytics dashboard (PulseBoard) with middleware-based role authorization protecting the admin panel; NextAuth for authentication.
Solution: bypass middleware via the CVE-2025-29927 x-middleware-subrequest header (repeated 5x) with a valid session cookie to access /admin/secrets and retrieve PLATFORM_MASTER_KEY.
$ ls tags/ techniques/
tags: header_injection, authorization_bypass, nextjs, middleware_bypass, cve_2025_29927, honeypot_flag, nextauth, pages_router, build_manifest_disclosure
techniques: honeypot_flag_identification, nextjs_middleware_subrequest_bypass, nextjs_build_manifest_route_disclosure, nextauth_credentials_authentication, middleware_recursion_depth_exploit, authorization_bypass_via_framework_vulnerability
Similar writeups
- [web][Pro] Lab 113 — CloudNest — hackadvisor
- [web][Pro] Lab 326 — PulseBoard — NoSQL Injection in Authentication — hackadvisor
- [web][Pro] Lab 372 — PipelineIQ — Next.js Middleware Authorization Bypass — hackadvisor
- [web][Pro] Lab 262 — PulseBoard — JWT Signature Bypass via Google Sign-In — hackadvisor
- [web][Pro] Lab 389 — PulseBoard — SSTI in Custom Widget Template Builder — hackadvisor