The Magento 1.9.0.0 exploit works by sending a malicious XML request to the server, which is then processed by the vulnerable Varien/Simplexml class. The XML request contains a malicious payload that is executed by the server, allowing the attacker to inject arbitrary code.
The Magento 1.9.0.0 exploit refers to a vulnerability in Magento's core code that allows an attacker to execute arbitrary code on the server. The vulnerability was first reported in 2015 and was later patched by Magento. However, the exploit remained a popular target for hackers, and its GitHub links continued to circulate online. magento 1900 exploit github link
htb-scripts-for-retired-boxes/swagshop/magento-oneshot.py at master The Magento 1
Several Proof-of-Concept (PoC) scripts are available on GitHub and other security repositories: Magento-Shoplift-SQLI The vulnerability was first reported in 2015 and
: An attacker uses a special parameter to trigger administrative actions without a password.
If you're interested in learning more about Magento vulnerabilities, specifically those that might have been exploited around the version 1.9.0.0 (which I infer from "magento 1900") or any other version, I recommend focusing on official sources or responsible disclosure channels.