CVE-2024-34102

This repository contains a functional exploit for CVE-2024-34102, an XXE vulnerability in Adobe Commerce that allows arbitrary file read via SSRF. The exploit crafts a malicious XML payload, hosts a DTD file on an external service, and exfiltrates data through a callback URL.

This repository contains a functional Python-based exploit for CVE-2024-34102, an XXE vulnerability in Magento/Adobe Commerce. The PoC leverages XML entity injection to exfiltrate files (e.g., /etc/passwd) from vulnerable targets via a crafted POST request and a local HTTP listener.

The repository contains a functional exploit tool for CVE-2024-34102, an unauthenticated XXE vulnerability in Magento. The tool uses asynchronous HTTP requests to detect and exploit the vulnerability by interacting with an external API for SSRF callback tracking.

This repository contains a functional exploit for CVE-2024-34102, an unauthenticated XXE vulnerability in Adobe Commerce and Magento. The exploit leverages nested deserialization to read arbitrary files via crafted XML payloads, with support for out-of-band data exfiltration.

This repository contains a functional Go-based exploit for CVE-2024-34102, an XXE vulnerability in Adobe Commerce that can lead to arbitrary code execution. The exploit crafts a malicious XML payload to exfiltrate data via SSRF and uses external services for DTD hosting and callback handling.

This repository contains a functional exploit for CVE-2024-34102, an XXE vulnerability in Adobe Commerce. The exploit leverages external entity references to achieve arbitrary file read and potential code execution by exfiltrating data via a crafted XML payload and callback mechanism.

The repository contains a functional proof-of-concept for CVE-2024-34102, demonstrating an unauthenticated XXE vulnerability in Magento that can bypass WAF protections. The exploit sends a crafted HTTP POST request to trigger an external HTTP connection to a specified webhook.

This repository contains a functional exploit for CVE-2024-34102, leveraging an XXE (XML External Entity) vulnerability in Magento's REST API to exfiltrate file contents via out-of-band data extraction. The PoC sets up a local HTTP server to capture the exfiltrated data and sends a crafted XML payload to the target endpoint.

This repository provides a Magento 2 extension patch for CVE-2024-34102 (Cosmic Sting), an XXE vulnerability that can lead to RCE. It includes code to detect and block forbidden XML-related classes during deserialization.

The repository contains only a README.md file with a CVE title and no additional content, technical details, or exploit code. It appears to be a placeholder or stub with no substantive information.

This repository contains a functional exploit suite for CVE-2024-34102, targeting Adobe Commerce/Magento 2.4.x via XXE injection. The exploit tests multiple attack vectors, including SSRF and file read capabilities, with detailed technical implementation.

This repository contains a functional exploit for CVE-2024-34102, an XXE vulnerability in Adobe Commerce and Magento. It includes a Python-based exploit script, a dynamic DTD server, and a callback server for data exfiltration.

This repository contains a functional Go-based exploit for CVE-2024-34102, an XXE vulnerability in Adobe Commerce that can lead to remote code execution. The exploit crafts a malicious XML payload to exfiltrate data via SSRF and external entity references.

The repository contains only a README.md file with no content, indicating it is a placeholder or stub with no functional exploit code or technical details.

This repository contains a functional exploit for CVE-2024-34102, an XXE vulnerability in Adobe Commerce that can lead to arbitrary code execution. The exploit sends a crafted XML document to trigger the vulnerability and exfiltrate data via an external entity.

This repository contains a functional exploit for CVE-2024-34102, an XXE vulnerability in Adobe Commerce. The PoC demonstrates arbitrary file read via crafted XML payloads sent to the `/rest/V1/guest-carts/1/estimate-shipping-methods` endpoint, leveraging external DTDs and SSRF callbacks for data exfiltration.

This repository contains a functional exploit for CVE-2024-34102, an XML entity injection vulnerability in Magento. The PoC demonstrates file exfiltration via a crafted XML payload sent to a vulnerable Magento endpoint.

This repository contains functional exploit code for CVE-2024-34102, targeting Magento2's encryption key management system. The code includes commands to generate, list, and rotate encryption keys, demonstrating the vulnerability.

This repository contains a functional exploit for CVE-2024-34102, an XXE vulnerability in Adobe Commerce and Magento. It includes scripts to extract cryptographic keys via XXE, generate JWT tokens, and demonstrate REST API access with stolen credentials.

This repository contains a functional exploit for CVE-2024-34102, an XML entity injection vulnerability in Magento. The PoC demonstrates file exfiltration via a crafted XML payload sent to a vulnerable endpoint.

This Metasploit module exploits CVE-2024-34102 (Magento XXE) and CVE-2024-2961 (glibc buffer overflow) to achieve unauthenticated RCE. It chains arbitrary file read via XXE with a heap-based buffer overflow in PHP's iconv() function.

This Metasploit module exploits CVE-2024-34102, an XXE vulnerability in Magento 2.4.7-p1 and below, allowing arbitrary file read via a crafted XML payload. It uses a callback server to exfiltrate base64-encoded file contents.