Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

CosmicSting (CVE-2024-34102) POC / Patch Validator
https://github.com/samjuk/cosmicsting-validator

cosmicsting cve-2024-34102 devsecops magento magento-security-patches poc proof-of-concept security

README


A [CosmicSting POC](https://github.com/Chocapikk/CVE-2024-34102), with a bash script that checks all of our hosted sites to confirm the patch is applied.

This repository is provided so that store owners and hosts can confirm the patch is applied on their stores. Within `check.bash`, add domains to the `SITES` list.

[https://www.sdj.pw/posts/magento2-cosmic-sting-check/](https://www.sdj.pw/posts/magento2-cosmic-sting-check/)

[Online Validator](https://cosmicsting.samdjames.uk/)

## Usage
```sh
# Create a Python virtual environment for the project and activate it
python -m venv venv
. venv/bin/activate

# Install the requirements
pip install -r requirements.txt

# Run the bulk validator script
./z_validate sites/example.txt
./z_validate sites/acme.txt

# Run the POC against a single URL
./poc.py -u https://samdjames.uk

# For unpatched sites, run a very BASIC compromise check (dumps script srcs)
# and diff against the scripts detected on previous executions
./z_compromise_check sites/example.txt
```