The exploit demonstrates a Local File Inclusion (LFI) vulnerability in OpenCart 1.5.2.1 via directory traversal using backslashes on Windows systems, and an Arbitrary File Upload vulnerability by bypassing file extension checks with null bytes. Both vulnerabilities can lead to remote code execution under specific conditions.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:OpenCart 1.5.2.1
No auth needed
Prerequisites:Windows platform · PHP version < 5.3.4 for null-byte attacks