Post by cosmicx » Sat Feb 27, 2021 4:07 pm

Hi, I bought a commercial module from the marketplace and took a peek in the files.

It wasn't installing so i did my own investigation while waiting for the developer to get back to me.

I saw this code from one of the module files (obfuscated some of the code for anonymity):

Code: Select all

<?php 
@mail('info@domain.tld', 'ModuleName Module installed (230123)', HTTP_CATALOG . ' - ' . $this->config->get('config_name') . "\r\n" . 'version - ' . VERSION . "\r\n" . 'IP - ' . $this->request->server['REMOTE_ADDR'], 'MIME-Version: 1.0' . "\r\n" . 'Content-type: text/plain; charset=UTF-8' . "\r\n" . 'From: ' . $this->config->get('config_owner') . ' <' . $this->config->get('config_email') . '>' . "\r\n");
?>
Question is:
What that email address do? Found in "installer.php" file

I don't know php codes, but I'm suspicious about it - I think it is calling back someone.

Will someone here explain, PLEASE?

Active Member

Posts

Joined
Mon Jan 09, 2012 6:27 pm

Post by thekrotek » Sat Feb 27, 2021 4:47 pm

With this code developer can sell your kidney.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by JNeuhoff » Sat Feb 27, 2021 8:39 pm

It looks like the installer sends an email to the extension author so he knows who has installed the extension when and where.

Personally, I'd stay from an extension like that and ask for a refund. Or comment out this code section.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member
Online

Posts

Joined
Wed Dec 05, 2007 3:38 am

Who is online

Users browsing this forum: No registered users and 35 guests