The most notorious exploit associated with Magento 1.x versions, including 1.9.0.0, is the vulnerability known as "Shoplift." How the Exploit Works
Instead, use legitimate scanners like or MageReport (which checks for known SUPEE patches).
– Search Google Scholar for:
Almost every magento 1.9.0.0 exploit repo on GitHub contains a DISCLAIMER.md stating:
Key CVE: . Exploit chain: Inject SQL into sales/quote → Extract encryption key → Craft admin session → Upload malicious data-flow profile.