CVE-2024-34102 PoC — XXE can expose crypt key and other secrets granting full admin access

Associated Vulnerability
Title: XXE can expose crypt key and other secrets granting full admin access (CVE-2024-34102)
Description: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Description
adobe commerce
Readme
# CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier are affected by
an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
An attacker could exploit this vulnerability by sending a crafted XML document that references external entities.
Exploitation of this issue does not require user interaction.

## Installation 🚀

<code>git clone https://github.com/dream434/CVE-2024-34102</code>

<code>cd CVE-2024-34102</code>

## Usage 🎮


<code>python3 exploit.py https://exemple.com</code>

## Disclaimer ⚠️

This tool is to be used for legal purposes.

## Credit 💎

Credit to @th3gokul & Sanjaith3hacker for the original code base

File Snapshot

[4.0K] /data/pocs/3845d3ffdb34d5893e5a2c09fb4d6af48b73b0bd
├── [2.2K] exploit.py
├── [2.6K] massExploit.py
└── [ 745] README.md

0 directories, 3 files