unknownhad/patch-to-exploit
GitHub: unknownhad/patch-to-exploit
# patch-to-exploit
Lab + PoC scripts for ["30 minutes from patch to exploit"](https://blog.himanshuanand.com/2026/05/30-minutes-from-patch-to-exploit/).
Five CVEs. Five exploits derived from public patch diffs. Slowest took 30 minutes. Fastest took two.
| CVE | Target | Bug | Severity | PoC |
|---|---|---|---|---|
| CVE-2026-44578 | Next.js | SSRF via WebSocket upgrade | High 8.6 | `pocs/01-nextjs-ssrf.py` |
| CVE-2026-44579 | Next.js | DoS via `Next-Resume` header | High 7.5 | `pocs/03-nextjs-cache-dos.sh` |
| CVE-2026-44577 | Next.js | Image optimizer OOM | Moderate 5.9 | `pocs/02-nextjs-image-dos.sh` |
| CVE-2026-44574 | Next.js | Middleware auth bypass | High 8.1 | Analysis only (see blog) |
| CVE-2026-9082 | Drupal | SQL injection (core) | Critical 9.8 | `pocs/04-drupal-sqli.py` |
## setup
```bash
cd labs
bash setup.sh          # creates test files + builds images
docker compose up -d   # starts everything
```
**What runs:**
- `localhost:3000`: Next.js 15.5.15 (vulnerable)
- `localhost:8080`: Drupal 11.2.11 (vulnerable; needs install wizard)
- `internal-service:8888`: canary (Docker-internal only; SSRF target)
**Drupal one-time setup:** visit `localhost:8080`, complete the wizard. DB: `drupal`/`drupal`/`drupal`, host: `drupal-db`.
## run
```bash
python3 pocs/01-nextjs-ssrf.py                                # SSRF
bash pocs/02-nextjs-image-dos.sh 127.0.0.1 3000               # Image DoS
bash pocs/03-nextjs-cache-dos.sh 127.0.0.1 3000               # Cache DoS
python3 pocs/04-drupal-sqli.py --host 127.0.0.1 --port 8080   # SQLi
```
## cleanup
```bash
cd labs && docker compose down -v
```