In a recent post on a dark web forum, a threat actor has claimed to be selling an exploit for a zero-day vulnerability in Magento 2, a widely used e-commerce platform. The vulnerability, identified as CVE-2024-34102, reportedly allows for remote code execution (RCE) and the establishment of an SSH shell on targeted systems.
The threat actor describes the exploit as highly automated, requiring only the input of a URL to initiate the attack. “The process is automated, you just have to input the URL, and it auto-exploits,” the post reads, suggesting that even less technically skilled individuals could use the tool effectively.
The asking price for the exploit is $20,000 per copy, with the seller offering only five copies for sale. Potential buyers are invited to reach out through private messages for further negotiation and details. The post mentions that transactions via dark web escrow service are welcome.