CVE-2023-29489 PoC — Cpanel cross-site scripting vulnerability

Source
Associated Vulnerability
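Title: Cpanel cross-site scripting vulnerability (CVE-2023-29489)
Description: Cpanel is a web-based automated hosting platform from the US company Cpanel. The platform is mainly used to automate the management of websites and servers. Cpanel versions before 11.109.9999.116 contain a security vulnerability. An attacker can exploit this vulnerability to carry out cross-site scripting attacks.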
Readme
<h1 align="center">CVE-2023-29489</h1>

<p align="center">
This security vulnerability is recorded in the Common Vulnerabilities and Exposures (CVE) system. It affects cPanel, a popular hosting management software, and allows cross-site scripting (XSS) attacks through specially crafted requests.
</p>
<h1 align="center">Details about CVE-2023-29489</h1>
<p align="center">
This vulnerability allows attackers to execute malicious JavaScript code in a user's browser 💻 through specially crafted requests sent to the cPanel interface. This can lead to the theft of sensitive information 🔒, such as session cookies, or the performance of unauthorized actions 🚫 on behalf of the user.
Severity ⚠️

According to the Common Vulnerability Scoring System (CVSS) scale, this vulnerability is rated as medium (approximately 5.4/10, depending on implementation).
Affected Versions 🗓️

cPanel versions prior to the patched release (specifically, versions before the security update).
Recommendation 🛡️

Users should update cPanel to the latest version to patch this vulnerability. The cPanel provider has already released a fix to address the issue.
Disclosure Date 📅

The vulnerability was publicly disclosed around April 2023.</p>

<h1 align="center">TOOLS EXPLOIT</h1>
<p align="center">
The CVE-2023-29489 Exploit Tool is pretty good... hmm, maybe not as good as some other tools out there, but whatever, it's fine. Its main function is to check websites in bulk for vulnerabilities related to Common Vulnerabilities and Exposures in cPanel, then save the test results. I use Python and leverage colorama and requests in Python to exploit it more powerfully. It adds payloads to test for vulnerabilities ::) yeah, my way of talking is kinda hard to understand, but I don’t care if you get it or not : ) just remember to like my tool, that’s enough, thanks for checking it out.

  # VIDEO
https://github.com/user-attachments/assets/29b174f3-5228-4c0f-a139-ed22a7bf9d58

![photo_2025-06-05_19-03-06](https://github.com/user-attachments/assets/bf6e4dd0-8eb6-4774-93df-de975821c160)
Note: I’m never responsible if you use my tool for illegal activities; it has nothing to do with me.
</p>
<h1 align="center">JOIN THE GROUP</h1>


# TELEGRAM CHANNELS - https://t.me/humanpcc
-
# REDDIT - https://www.reddit.com/user/luckkystopdz/
-
# MAILS - luckkystopdz@gmail.com


File Snapshot

[4.0K] /data/pocs/a291a13e2f85fee5899856d98dae1f23c5feeb1c
├── [4.9K] CVE-2023-29489.py
├── [2.4K] README.md
└── [ 17K] site.txt

0 directories, 3 files