Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-29489 PoC — Cpanel 跨站脚本漏洞

Source
https://github.com/mdaseem03/cpanel_xss_2023
Associated Vulnerability
Title:Cpanel 跨站脚本漏洞 (CVE-2023-29489)
Description:Cpanel是美国Cpanel公司的一套基于Web的自动化主机托管平台。该平台主要用于自动化管理网站和服务器。 Cpanel 11.109.9999.116之前版本存在安全漏洞。攻击者利用该漏洞可以执行跨站脚本攻击。
Description
cpanel_xss_2023 is a simple Python script designed for finding CVE-2023-29489 vulnerability in cpanel.
Readme

## About the Tool ⚒️

`cpanel_xss_2023` is a simple Python script designed for finding CVE-2023-29489 vulnerability and exploitability in cpanel.

![Working](assets/images/working.jpg)

## Features ⚙️

- **CVE-2023-29489 Scanning:** Identifies and scans for the CVE-2023-29489 vulnerability and exploitation.
- **URL Input:** Supports scanning a single URL or reading multiple URLs from a file.
- **Output Logging:** Allows users to write the scan results to an output file.
- **Telegram Notification:** Option to create Telegram notifications for scan results.

## Prerequisites 🧩

Before using `cpanel_xss_2023`, make sure you have the following prerequisites installed:

1. **Python 3.x**: Ensure you have Python 3.x installed on your system.

   - [Download Python](https://www.python.org/downloads/)

2. **Required Python Packages**:

   - **Click**: Install the `click` library using the following command:

     ```bash
     pip install click
     ```

   - **Requests**: Install the `requests` library using the following command:

     ```bash
     pip install requests
     ```

   - **PyYAML**: Install the `PyYAML` library using the following command:

     ```bash
     pip install PyYAML
     ```

3. **Telegram Notification (Optional)**:

   If you plan to use the Telegram notification feature, you'll need to set up a Telegram bot and obtain your chat ID. Follow these steps:

   - Create a Telegram bot using the [BotFather](https://core.telegram.org/bots#botfather).
   - Obtain your chat ID using the [get_id_bot](https://t.me/get_id_bot).

## Installation ⬇️

```bash
pip install cpanel-xss-2023
sudo cp ~/.local/bin/cpanel_xss_2023 /usr/bin
```

## Usage 🚀

```bash
cpanel_xss_2023 -u https://example.com
cpanel_xss_2023 -i urls.txt -o results.txt
cpanel_xss_2023 -u https://example.com -c your_telegram_chat_id
```

## Help Menu ❓

![Help](assets/images/help.jpg)

- `u, --url:` Specify the URL to scan for the CVE-2023-29489 vulnerability.
Example: cpanel_xss_2023 -u https://target.com

- `i, --input:` Read input URLs from a file.
Example: cpanel_xss_2023 -i target.txt

- `o, --output:` Write scan results to an output file.
Example: cpanel_xss_2023 -i target.txt -o output.txt

- `c, --chatid:` Create Telegram notifications for scan results.
Example: cpanel_xss_2023 --chatid your_telegram_chat_id

- `h, --help:` Display the help menu.

## PyPi Module Link
[Link](https://pypi.org/project/cpanel-xss-2023/)

## Disclaimer ⚠️
This script is intended for educational and ethical purposes only. Unauthorized use of this script to perform malicious activities is strictly prohibited. The developers are not responsible for any misuse or damage caused by this script.

## Version History 🕒
- `v1.0`: Find CVE-2023-29489 in cpanel
- `v1.1`: Find whether the endpoint is exploitable or not


### Profile Views 👁️
![](https://komarev.com/ghpvc/?username=mdaseem03&color=lightgrey&style=flat-square&label=VIEWS+COUNT)

## License 🪪
[![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](https://choosealicense.com/licenses/mit/)

## Author 👤
[@mdaseem03](https://github.com/mdaseem03)

## Connect at 💬
<a href="https://www.linkedin.com/in/mohammed-aseem%F0%9F%8E%96-11baa6217/" target="blank"><img align="center" src="https://raw.githubusercontent.com/rahuldkjain/github-profile-readme-generator/master/src/images/icons/Social/linked-in-alt.svg" alt="cyberspartan" height="30" width="40" /></a>
<a href="https://www.instagram.com/mdaseem_03" target="blank"><img align="center" src="https://raw.githubusercontent.com/rahuldkjain/github-profile-readme-generator/master/src/images/icons/Social/instagram.svg" alt="karthithehacker" height="30" width="40" /></a>
File Snapshot

 [4.0K]  /data/pocs/2996bfd847b72eb67c00c5277e739f48dd3b8e68
├── [4.0K]  assets
│   └── [4.0K]  images
│       ├── [ 71K]  help.jpg
│       └── [ 32K]  working.jpg
├── [4.0K]  includes
│   ├── [ 654]  bot.py
│   ├── [ 499]  filereader.py
│   ├── [   0]  __init__.py
│   ├── [4.0K]  __pycache__
│   │   ├── [1.2K]  bot.cpython-311.pyc
│   │   ├── [1.2K]  filereader.cpython-311.pyc
│   │   ├── [ 188]  __init__.cpython-311.pyc
│   │   ├── [3.3K]  scan.cpython-311.pyc
│   │   └── [ 811]  writefile.cpython-311.pyc
│   ├── [1.9K]  scan.py
│   └── [ 305]  writefile.py
├── [ 216]  __init__.py
├── [1.0K]  LICENSE
├── [1.5K]  main.py
├── [3.6K]  README.md
└── [4.0K]  utils
    ├── [1.9K]  configure.py
    ├── [ 530]  const.py
    ├── [2.1K]  helpers.py
    ├── [   0]  __init__.py
    └── [4.0K]  __pycache__
        ├── [3.9K]  configure.cpython-311.pyc
        ├── [1.1K]  const.cpython-311.pyc
        ├── [2.6K]  helpers.cpython-311.pyc
        └── [ 185]  __init__.cpython-311.pyc

6 directories, 24 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.