目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1020

100%
请我们喝杯咖啡

CVE-2024-34102 PoC — Adobe Commerce 代码问题漏洞

来源
https://github.com/th3gokul/CVE-2024-34102
关联漏洞
标题:Adobe Commerce 代码问题漏洞 (CVE-2024-34102)
Description:Adobe Commerce是美国奥多比(Adobe)公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce 存在代码问题漏洞,该漏洞源于受到不正确的 XML 外部实体引用 ( XXE ) 限制漏洞的影响,该漏洞可能导致任意代码执行。
Description
CVE-2024-34102: Unauthenticated Magento XXE
介绍
# CVE-2024-34102: Unauthenticated Magento XXE
CVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-34102 with Asychronous Performance.


<h1 align="center">
  <img src="https://github.com/th3gokul/CVE-2024-34102/assets/89386101/d9991e30-35d7-4c72-9cfa-88d453d6540f" width="2000px">
  <br>
</h1>


### Installation

```bash
git clone https://github.com/th3gokul/CVE-2024-34102.git
cd CVE-2024-34102
pip install -r requirements.txt
python3 cvehunter.py --help
```

### Usage

```bash
python3 cvehunter.py -h

  ____ __     __ _____  _   _                _               
 / ___|\ \   / /| ____|| | | | _   _  _ __  | |_   ___  _ __ 
| |     \ \ / / |  _|  | |_| || | | || '_ \ | __| / _ \| '__|
| |___   \ V /  | |___ |  _  || |_| || | | || |_ |  __/| |   
 \____|   \_/   |_____||_| |_| \__,_||_| |_| \__| \___||_| 
     CVE-2024-34102                  @th3gokul & Sanjaith3hacker

[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-34102

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or domain for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs for vulnerability detection
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request via your proxy
  -v, --verbose         [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output of vulnerable target]
```


### About:

The CVEHunter tool is an exploitation tool for CVE-2024-34102 and the Devlopers of the tool are
   - [Th3Gokul](https://www.linkedin.com/in/gokul-v-13455521a/)
   - [Sanjaith3hacker @RevoltSecurities](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/)

and We specially Thank [bebik](https://github.com/bebiksior) and his [SSRF](ssrf.cvssadvisor.com/) tool which helped in our research and exploitation 
on CVE-2024-34102 to know the callbacks, pings and find accurate results while exploiting this vulnerability, We appreciate him for the great contribution for Open Source Community.


### Disclaimer
The tool ⚒️ is only for education 📖 and ethical purpose only and Developers are not responsible for any illegal exploitations.
文件快照

 [4.0K]  /data/pocs/999c56b1445f2062b9760e84f3788b75503a2c4e
├── [ 11K]  cvehunter.py
├── [2.3K]  README.md
└── [ 114]  requirements.txt

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →