Magento

Magento exploits

Enumeration

wordlists/technologies/magento-all-levels.txt at main · trickest/wordlistsGitHub

wordlists/technologies/magento.txt at main · trickest/wordlistsGitHub

CVE-2024-34102

CVE-2024-34102 affects Adobe Commerce / Magento versions 2.4.6 and earlier.

XML External Entity Reference (XXE) vulnerability that could result in arbitrary code execution

CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102) - vsocietywww.vicarius.io

Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)www.assetnote.io

GitHub - Chocapikk/CVE-2024-34102: CosmicSting (CVE-2024-34102)GitHub

GitHub - EQSTLab/CVE-2024-34102: Adobe Commerce XXE exploitGitHub

GitHub - th3gokul/CVE-2024-34102: CVE-2024-34102: Unauthenticated Magento XXEGitHub

CVE-2022-24086 - Unauth RCE

Magento Open Source / Adobe Commerce - 2.3.3-p1 - 2.3.7-p2

Magento Open Source / Adobe Commerce - 2.4.0 - 2.4.3-p1

GitHub - oK0mo/CVE-2022-24086-RCE-PoC: Verifed Proof of Concept on CVE-2022-24086GitHub

CVE-2019-7139 - SQLi

SQL Injection in magento/community-edition | CVE-2019-7139 | SnykLearn more about Composer with Snyk Open Source Vulnerability Database

    https://magento2website.com/catalog/product_frontend_action/synchronize?
    type_id=recently_products&
    ids[0][added_at]=&
    ids[0][product_id][from]=?&
    ids[0][product_id][to]=))) OR (SELECT 1 UNION SELECT 2 FROM DUAL WHERE 1=1) -- -

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.