Magento XXE (CVE-2024-34102) - RCE in Adobe Magento | Live Recon POC
ฝัง
- เผยแพร่เมื่อ 15 ต.ค. 2024
- Big companies are using this CMS, I found Microsoft and reported them as well.
Magento is one of the most popular e-commerce solutions in use on the internet. It's estimated that there are over 140,000 instances of Magento running as of late 2023. Adobe's most recent advisory for Adobe Commerce / Magento, published on June 11th, 2024 highlighted a critical, pre-authentication XML entity injection issue (CVE-2024-34102) which Adobe rated as CVSS 9.8.
Exploit github.com/Cho...
#exploit #phishingscams #poc #liverecon #bugbounty #bugbountytips
Like the video
Thank you!
how to find sites vulnerable? any dorks ?
Can rce be achieved with this?
@@hexormc5164 yes gain admin access reading app.php, crack JWT through that and then look for existing post auth RCE.
Or just leverage XXE to upload files remotely and execute shell.
Do u know how to leverage for rce?
can you do exploit in facebook accounts i will pay for that
no bro