CVE-2024-34102 PoC: Adobe Commerce code issue vulnerability

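Related vulnerability
Title: Adobe Commerce code issue vulnerability (CVE-2024-34102)
Description: Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe, a US company. Adobe Commerce contains a code issue vulnerability that stems from improper restriction of XML external entity reference (XXE), which could lead to arbitrary code execution.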
Description
CosmicSting (CVE-2024-34102) POC / Patch Validator
Introduction
A [CosmicSting POC](https://github.com/Chocapikk/CVE-2024-34102), with a bash script to check all of our hosted sites to confirm the patch.

This repository is provided to allow store owners / hosts to confirm the patch is applied on stores. Within `check.bash` add domains to the `SITES` list.

[https://www.sdj.pw/posts/magento2-cosmic-sting-check/](https://www.sdj.pw/posts/magento2-cosmic-sting-check/)

[Online Validator](https://cosmicsting.samdjames.uk/)

## Usage
```sh
# Create a Python virtual environment for the project
python -m venv venv

# Activate it so the requirements install into the venv, not system-wide
. venv/bin/activate

# Install the requirements
pip install -r requirements.txt

# Run the bulk validator script
./z_validate sites/example.txt
./z_validate sites/acme.txt

# Run the POC against a single URL
./poc.py -u https://samdjames.uk

# For unpatched sites, run a very BASIC compromise check (dump script srcs)
# and diff against the scripts detected on previous executions
./z_compromise_check sites/example.txt
```
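
The compromise check described in the usage comments above (collect each page's script sources and diff them against the previous run) can be sketched as follows. This is an added example, not code from this repository and not a reproduction of `z_compromise_check`; the sample HTML, the `shop.example` hosts and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin


class ScriptSrcParser(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src.strip())


def script_srcs(html, base_url):
    """Return the set of absolute script URLs referenced by a page."""
    parser = ScriptSrcParser()
    parser.feed(html)
    # Resolve relative and protocol-relative URLs so runs compare like for like.
    return {urljoin(base_url, s) for s in parser.srcs}


def diff_scripts(previous, current):
    """Return (added, removed) script URLs between two runs, sorted."""
    return sorted(current - previous), sorted(previous - current)


# Constructed sample pages (not real captures): the same storefront on two runs.
BASE = "https://shop.example/"
RUN_1 = """<html><head>
<script src="/static/version1/requirejs/require.js"></script>
<script src="https://cdn.example/analytics.js"></script>
</head></html>"""
RUN_2 = RUN_1.replace(
    "</head>", '<script src="//unknown-host.example/c.js"></script>\n</head>'
)

if __name__ == "__main__":
    added, removed = diff_scripts(script_srcs(RUN_1, BASE), script_srcs(RUN_2, BASE))
    for url in added:
        print("NEW script since last run:", url)
    for url in removed:
        print("script no longer present:", url)
```

A script source that appears between runs is only a lead for review: inline scripts and changes to the content of an existing file are not visible to a src-only diff.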
