CosmicSting (CVE-2024-34102) Validator

Online validator to confirm whether your Magento 2 store is still vulnerable to the CosmicSting (CVE-2024-34102) vulnerability.

Privacy Note: The only data we store from each test is a SHA256 hash of the domain in our access logs, along with the requesting IP address. This is needed because of the bidirectional request nature of the exploit.

Note: Multi-faceted rate limiting (request velocity and a maximum request count) is applied to help prevent abuse of this service.
If you have a legitimate use for exceeding this rate limit, get in touch, either on LinkedIn ("SamJUK") or via email: [email protected]

If you are of a more technical nature, I would recommend running the POC from your own machine via Python (the instructions are pretty simple): CLI Validator In Python


Whitelisting this service

If you have a WAF in place, it may block this service from testing your Magento store. There are two likely reasons for this.
1. Your server is blocking the country or hosting provider this service is run from. If so, we recommend whitelisting this service's User-Agent, "CosmicSting/Samdjames.uk", in your WAF.
2. Your WAF has rules to identify and block CosmicSting / XXE requests (this is good!). Even so, double-check your configuration to confirm this rather than assuming it.
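To tell the two cases apart from your own access log, the following script (an added example, not part of this service; it assumes the nginx/Apache combined log format and that your WAF answers blocks with 403-style status codes) finds requests carrying the validator's User-Agent and reports whether the service was blocked wholesale or only on specific requests:

```python
import re

# User-Agent the validator identifies itself with (value from this page).
VALIDATOR_UA = "CosmicSting/Samdjames.uk"

# Status codes treated as "blocked before reaching Magento". Assumed set:
# adjust to what your WAF/CDN actually returns on a block.
BLOCK_STATUSES = {403, 406, 429, 444, 503}

# Combined log format as written by nginx/Apache by default; group names are ours.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def classify_validator_requests(log_lines):
    """Find requests carrying the validator's User-Agent and say whether the
    WAF blocked all of them (service blocked), some (rules firing on specific
    requests) or none (the validator's result can be trusted)."""
    seen = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group("ua") == VALIDATOR_UA:
            seen.append((m.group("method"), m.group("path"), int(m.group("status"))))
    blocked = [r for r in seen if r[2] in BLOCK_STATUSES]
    if not seen:
        verdict = "no_validator_traffic"   # blocked upstream (CDN/geo) or test never ran
    elif len(blocked) == len(seen):
        verdict = "service_blocked"        # reason 1: whitelist the User-Agent
    elif blocked:
        verdict = "rules_blocked_some"     # reason 2: review which requests the WAF rejected
    else:
        verdict = "not_blocked"
    return {"seen": len(seen), "blocked": len(blocked),
            "blocked_requests": blocked, "verdict": verdict}

# Constructed sample lines (not real traffic): a plain GET and a REST POST from the
# validator, both rejected with 403, plus an unrelated visitor request.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jul/2024:10:00:01 +0000] "GET / HTTP/1.1" 403 146 "-" "CosmicSting/Samdjames.uk"',
    '203.0.113.10 - - [01/Jul/2024:10:00:02 +0000] "POST /rest/V1/placeholder-endpoint HTTP/1.1" 403 146 "-" "CosmicSting/Samdjames.uk"',
    '198.51.100.7 - - [01/Jul/2024:10:00:03 +0000] "GET /customer/account/login/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(classify_validator_requests(SAMPLE_LOG))
```

If even a plain GET from the validator is rejected, the block is on the service itself rather than on the request content, which is the case the User-Agent whitelist addresses.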


Related Resources

POC in Python (CLI Validator without rate limits)

https://sansec.io/research/cosmicsting

https://www.sdj.pw/posts/magento2-cosmic-sting-check/

https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/security-update-available-for-adobe-commerce-apsb24-40-revised-to-include-isolated-patch-for-cve-2024-34102

What is Magento's CosmicSting Vulnerability?

CosmicSting (aka CVE-2024-34102) is the worst bug to hit Magento and Adobe Commerce stores in two years. On its own, it allows anyone to read private files (such as those containing passwords). Combined with the recent iconv bug in Linux, however, it turns into the security nightmare of remote code execution. This killer bug grants full control to adversaries, and the attack can be automated, which may lead to mass hacks on a global scale. (Update July 1st: this is happening right now!)