Next.js Application

https://x.com/renniepak/status/1830963129897124294

A quick way to find "all" paths for Next.js websites:

console.log(__BUILD_MANIFEST.sortedPages)

More intresting objects in next.js app

window.NEXT_DATA.props.pageProps

CVE-2023-46298 cache poisoning on nextjs application

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

adding the x-middleware-prefetch header results in an empty JSON object {} as a response.

Next.js and cache poisoning: a quest for the black holezhero_web_security