Unauthenticated Magento XXE to Path traversal | CVE-2024-34102 | Bug Bounty POC
- Published on 27 Jun 2024
- 🔥Magento XXE CVE-2024-34102: A newly discovered vulnerability dubbed “CosmicSting” jeopardizes millions of online stores
built on Adobe Commerce and Magento platforms.
⚠️CosmicSting enables attackers to gain unauthorized access to sensitive files, including those containing passwords.
When combined with a recent Linux bug (CVE-2024-2961), the vulnerability can be escalated to remote code execution.
📣Dorks:
Hunter: product.name="Adobe Magento"
FOFA: app="Adobe-Magento"
SHODAN: http.html:"magento-template"
🔴POC: github.com/th3gokul/CVE-2024-...
📝POC & Payload: gist.github.com/wtf-yodhha/b4...
Where's the privesc part?
You can't record notepad without playing Trance 009 Dreamscape. Massive missed opportunity
There is a mute button ⛄️