CVE-2023-29489 PoC — Cpanel Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
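Title: Cpanel Cross-Site Scripting Vulnerability (CVE-2023-29489)
Description: Cpanel is a web-based automated hosting platform from the US company Cpanel. The platform is mainly used to automate the management of websites and servers. Versions of Cpanel before 11.109.9999.116 contain a security vulnerability. An attacker can exploit this vulnerability to carry out cross-site scripting attacks.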
Description
To filter the actual vulnerable URLs from the screenshots, you can use the ee.sh script. Simply run ./ee.sh -f "path/to/index_screenshot.txt" -k "hacked" and the script will filter the URLs that contain the reflective XSS payload (for example, cPanel CVE-2023-29489) in their screenshots.
Readme
# EagleEye:

![carbon](https://user-images.githubusercontent.com/125891350/235403510-7b76c066-3606-4254-b795-9c29125e7567.png)


With the addition of the -ss option in HTTPX by Project Discovery, it is now possible to create a list of potentially vulnerable URLs with `gf xss` and `qsreplace` with the XSS payload, such as `<script>alert(hacked)</script>`. HTTPX will then visit all the URLs and take screenshots of them, which are stored in `output/screenshot/index_screenshot.txt`.

To filter the actual vulnerable URLs from the screenshots, you can use the ee.sh script. Simply run `./ee.sh -f "path/to/index_screenshot.txt" -k "hacked"` and the script will filter the URLs that contain the provided XSS payload in their screenshots.

This process allows you to quickly identify potentially vulnerable URLs and filter out false positives based on the presence of the XSS payload in the screenshots. It can be a powerful tool in identifying and mitigating XSS vulnerabilities in your web applications.
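The filtering step described above can be sketched as follows. This is an added example, not the repository's `ee.sh`: the function names `ocr_text` and `filter_hits` are hypothetical, and the index layout (`<screenshot_path> <url>` with optional trailing text on each line) is an assumption the page does not confirm.

```bash
#!/usr/bin/env bash
# Added example: OCR-based triage of a screenshot index for your own scan results.
# Assumed index line layout (not confirmed by the page):
#   <screenshot_path> <url> [extra text...]

# ocr_text IMAGE: print the text Tesseract recognises in IMAGE.
ocr_text() {
    tesseract "$1" stdout 2>/dev/null
}

# filter_hits INDEX KEYWORD: print, de-duplicated, every URL whose screenshot
# text contains KEYWORD. The match is a case-insensitive fixed string because
# OCR frequently changes letter case and the marker is not a regex.
filter_hits() {
    local index keyword shot url _rest
    index=$1
    keyword=$2
    [ -r "$index" ] || { echo "cannot read index: $index" >&2; return 2; }
    [ -n "$keyword" ] || { echo "empty keyword" >&2; return 2; }
    # "|| [ -n "$shot" ]" keeps a last line that has no trailing newline.
    while read -r shot url _rest || [ -n "$shot" ]; do
        # Skip blank or malformed lines.
        [ -n "$shot" ] && [ -n "$url" ] || continue
        # A missing screenshot is reported, never counted as a hit.
        [ -f "$shot" ] || { echo "missing screenshot: $shot" >&2; continue; }
        if ocr_text "$shot" | grep -qiF -- "$keyword"; then
            printf '%s\n' "$url"
        fi
    done < "$index" | sort -u
}
```

A hit only means the marker text was rendered in the screenshot; a page that displays the payload as escaped text also matches, so each hit still needs manual confirmation.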

With some mastery of the tools and techniques mentioned, you can apply them to find multiple types of vulnerabilities.

It's important to note that this tool is intended for ethical hackers and cybersecurity researchers who are conducting vulnerability testing within the bounds of the law and industry best practices. It is not to be used for any illegal or malicious activities. The responsibility falls on the user to ensure that they are using this tool.

# Installation:
This tool requires Tesseract OCR to be installed. It can be installed on Linux, macOS, and Windows by following the instructions on the official Tesseract OCR GitHub repository. Additionally, the script requires the Bash shell to be installed, which is pre-installed on most Unix-based systems.

1. `git clone` "This_Rep" `&&` `cd EagleEye`

2. `chmod +x ee.sh`

3. `./ee.sh`
File Snapshot

[4.0K] /data/pocs/d8aa5b539595ee348e1dd035b650dc5e53658e52
├── [1.8K] ee.sh
└── [1.8K] README.md

0 directories, 2 files