Saumadip Mandal wtf-yodhha
wtf-yodhha
/ CVE-2024-34102
Created
June 28, 2024 17:36
Unauthenticated Magento XXE CVE-2024-34102 to Privilege Escalation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 🔥Magento XXE CVE-2024-34102: A newly discovered vulnerability dubbed “CosmicSting” jeopardizes millions of online stores | |
| built on Adobe Commerce and Magento platforms. | |
| ⚠️CosmicSting enables attackers to gain unauthorized access to sensitive files, including those containing passwords. | |
| When combined with a recent Linux bug (CVE-2024-2961),the vulnerability can be escalated to remote code execution. | |
| 📣Dorks: | |
| Hunter: http://product.name="Adobe Magento" | |
| FOFA: app="Adobe-Magento" | |
| SHODAN: http.html:"magento-template" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| For Start...... | |
| http://teamultimate.in/ | |
| http://cybertron.co.in/ | |
| http://teamultimate.in/start-here/ | |
| http://null-byte.wonderhowto.com/ | |
| http://www.hackingarticles.in/ | |
| https://www.cybrary.it/ | |
| https://www.computersecuritystudent.com/ | |
| http://breakthesecurity.cysecurity.org/p/hacking-tutorials-for-beginners.html | |
| http://www.guru99.com/learn-penetration-testing.html |