Skip to content

SamJUK/cosmicsting-validator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
sites
sites
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
check.bash
check.bash
 
 
poc.py
poc.py
 
 
requirements.txt
requirements.txt
 
 
scripts.py
scripts.py
 
 
z_compromise_check
z_compromise_check
 
 
z_validate
z_validate
 
 

Repository files navigation

A Cosmicsting POC, with a bash script to check all of our hosted sites to confirm the patch.

This repository is provided to allow store owners / hosts to confirm the patch is applied on stores. Within check.bash add domains to the SITES list.

https://www.sdj.pw/posts/magento2-cosmic-sting-check/

Online Validator https://cosmicsting.samdjames.uk/

Setup

# Create a python virtual environment for the project
python -m venv venv

# Activate virtual environment (pick appropriate below)
source venv/bin/activate # MacOS / Unix
venv\Scripts\activate    # Windows

# Install Requirements
pip install -r requirements.txt

Usage

# Run the POC against a single store
./poc.py -u https://samdjames.uk

# To run the POC against multiple stores, first create txt file containing the list of sites seperated by a new line
# for example `sites/example.txt`. And pass it as the first positional argument of the ./z_validate script.
./z_validate sites/example.txt

# A very basic check monitoring stores for compromise
# Dumps all script src's to a file, and compares against the previous run.
./z_compromise_check sites/example.txt

About

CosmicSting (CVE-2024-34102) POC / Patch Validator

cosmicsting.samdjames.uk/

Topics

security proof-of-concept magento poc devsecops magento-security-patches cosmicsting cve-2024-34102

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages