There are various GitHub repositories and proof-of-concept (PoC) exploits available that demonstrate the vulnerability. However, I won't provide direct links to exploit code. Instead, I recommend checking the official Magento security advisories, as well as reputable sources like GitHub's own advisories and the National Vulnerability Database (NVD).
The Magento 1.9.x series is most famous for the bug, a critical Remote Code Execution (RCE) flaw. magento 1900 exploit github link
To protect your Magento installation, I strongly recommend: The Magento 1
Magento-Oneshot : A script commonly used in security labs (like Hack The Box) to demonstrate Magento 1.x RCE vulnerabilities. Mitigation magento 1900 exploit github link
The primary exploit associated with Magento 1.9.0.0 is known as "Shoplift" (officially tracked as SUPEE-5344 and related to CVE-2015-1397 ). This vulnerability is a high-severity unauthenticated SQL injection (SQLi)