CVE-2023-29489 PoC — Cpanel Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
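Title: Cpanel Cross-Site Scripting Vulnerability (CVE-2023-29489)
Description: Cpanel is a web-based automated hosting platform from the US company Cpanel. The platform is mainly used to automate the management of websites and servers. Cpanel versions before 11.109.9999.116 contain a security vulnerability. An attacker can exploit this vulnerability to carry out cross-site scripting attacks.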
Readme
# Validate-CVE-2023-29489-scanner
Inspired by https://github.com/haxor1337x/Scanner-CVE-2023-29489

Verifies CVE-2023-29489 XSS on Cpanel webcall.

Features:
- Mass-scan IPs given as a CIDR block or a set of ranges
- Scan specific common Cpanel ports

Requirements:
- Python 3.10+
- Selenium
- Google Chrome

Usage:
```
python3 xss_scanner.py --headless --ignore-certificate-errors
```
Ensure "ipaddr.txt" contains the IP addresses you wish to scan.

Disclaimer:
This is only for educational and curiosity purposes. Use this at your own risk!
File Snapshot

```
[4.0K]  /data/pocs/d6335d76fb0c81b7f6a56a88d5ef597ba1b2946f
├── [   7]  ipaddr.txt
├── [ 34K]  LICENSE
├── [  51]  port.txt
├── [ 548]  README.md
├── [   0]  vuln.txt
└── [5.5K]  xss_scanner.py

0 directories, 6 files
```