Add PoC exploit for CVE-2024-34102 - Githubissues

ronin-rb / community-pocs

A repository of PoCs for ronin-exploits

https://ronin-rb.dev

GNU General Public License v3.0

0 stars 2 forks source link

Add PoC exploit for CVE-2024-34102 #51

Open postmodern opened 1 month ago

postmodern commented 1 month ago

Add a PoC exploit for CVE-2024-34102, pre-authentication XXE in Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier.

Reference PoCs

https://github.com/bigb0x/CVE-2024-34102/blob/main/cve-2024-34102.py
https://github.com/th3gokul/CVE-2024-34102/blob/main/cvehunter.py (scans for CVE-2024-34102, but does not exploit)
https://github.com/11whoami99/CVE-2024-34102?tab=readme-ov-file#cve-2024-34102 (example HTTP Request and XXE payload)
https://github.com/d0rb/CVE-2024-34102/blob/e76545603f5c7d78786bf16a90d6b8da2bfd209b/PoC.py#L5-L39
https://github.com/Chocapikk/CVE-2024-34102/blob/main/exploit.py
https://github.com/0x0d3ad/CVE-2024-34102/blob/cd828c23fe9704ab4c524ce1cfe7d7ae032a58e0/CVE-2024-34102.py#L77-L107
https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento (contains both the exploit and scanner)
https://github.com/0xhunster/CVE-2024-34102/blob/master/exploit.py
https://github.com/bughuntar/CVE-2024-34102-Python/blob/main/cosmic_sting.py

Vuln App

N/A

How to Submit a PoC

See the CONTRIBUTING file for instructions on how to submit a PoC exploit.