Share
## https://sploitus.com/exploit?id=A60D077E-329F-5832-94F8-DC0936393F4C
A [Cosmicsting POC](https://github.com/Chocapikk/CVE-2024-34102), with a bash script to check all of our hosted sites to confirm the patch.

This repository is provided to allow store owners / hosts to confirm the patch is applied on stores. Within `check.bash` add domains to the `SITES` list.

[https://www.sdj.pw/posts/magento2-cosmic-sting-check/](https://www.sdj.pw/posts/magento2-cosmic-sting-check/)

[https://cosmicsting.samdjames.uk/](Online Validator https://cosmicsting.samdjames.uk/)

## Usage
```sh
# Create a python vitual environment for the project
python -m venv venv

# Install the requirements
pip install -r requirements.txt

# Run the bulk validator script
./z_validate sites/example.txt
./z_validate sites/acme.txt

# Run the POC against a single URL
./poc.py -u https://samdjames.uk

# For unpatched sites, run a very BASIC compromised check (dump script srcs)
# And run a diff against old detected scripts each execution
./z_compromise_check sites/example.txt
```