Threat Actor: Unknown | Unknown
Victim: Magento 2 | Magento 2
Price: $20,000
Exfiltrated Data Type: Remote Code Execution (RCE) exploit
Key Points :
- The exploit targets a zero-day vulnerability identified as CVE-2024-34102.
- It allows for remote code execution and the establishment of an SSH shell on targeted systems.
- The exploit is highly automated, requiring only the input of a URL to initiate the attack.
- The seller is offering only five copies of the exploit for sale.
- Transactions can be conducted through a dark web escrow service.
In a recent post on a dark web forum, a threat actor has claimed to be selling an exploit for a zero-day vulnerability in Magento 2, a widely used e-commerce platform. The vulnerability, identified as CVE-2024-34102, reportedly allows for remote code execution (RCE) and the establishment of an SSH shell on targeted systems.
The threat actor describes the exploit as highly automated, requiring only the input of a URL to initiate the attack. “The process is automated, you just have to input the URL, and it auto-exploits,” the post reads, suggesting that even less technically skilled individuals could use the tool effectively.
The asking price for the exploit is $20,000 per copy, with the seller offering only five copies for sale. Potential buyers are invited to reach out through private messages for further negotiation and details. The post mentions that transactions via dark web escrow service are welcome.
The post Threat Actor Offers Exploit for Magento 2 Vulnerability appeared first on Daily Dark Web.