## https://sploitus.com/exploit?id=290881CE-6C5C-5D85-9327-F64A20F8AD1A
# Overview
After reading @zhero___'s write-up on his personal blog, I decided to build this CTF to learn how things work, and after that I decided to share it with anybody who wants to learn how to exploit this vulnerability. Big shout-out to zhero & inzo_; you can find their blog post here: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware

## Goal
You should bypass the middleware and find the flag on the admin page. You can also read the amazing Assetnote research, which will help you bypass it faster: https://www.assetnote.io/resources/research/doing-the-due-diligence-analyzing-the-next-js-middleware-bypass-cve-2025-29927

## Getting Started

1. Clone the repository:
```bash
git clone https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927-.git
cd Next.js-Middleware-Bypass-CVE-2025-29927-
```

2. Install dependencies:
```bash
npm install
# or
yarn install
```

3. Set up environment variables:
Create a `.env` file in the root directory and add the following:
```env
DATABASE_URL="your-database-url"
JWT_SECRET="your-jwt-secret"
```

4. Initialize the database:
```bash
npx prisma generate
npx prisma db push
```

## Running the CTF

Development mode:
```bash
npm run dev
# or
yarn dev
```