Related vulnerabilities
Introduction
<p align="center"> <img src="cve202329489/Pictures/screenshot1.png" /></p>
[MIT License](https://choosealicense.com/licenses/mit/)
## Introduction
An exploitable reflected cross-site scripting (XSS) vulnerability was discovered in certain versions of cPanel and assigned CVE-2023-29489. It allows attackers to execute arbitrary JavaScript code without requiring authentication. The vulnerability can still be exploited even if the cPanel management ports are not externally exposed: websites on ports 80 and 443 are also susceptible if they are managed by cPanel.
## About
An issue was discovered in cPanel before 11.109.9999.116. Cross-Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.
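
The flaw class described above (an error page that echoes an invalid ID into HTML) next to its fix, as an added example that is not part of the original README and is not cPanel's code. The template, the ID format and the function names are assumptions made for illustration.

```python
import html
import re

# Assumed ID format for this sketch: 1-64 letters, digits, '_' or '-'.
CALL_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Hypothetical error-page template, not cpsrvd's real markup.
ERROR_TEMPLATE = (
    "<html><body><h1>Invalid call</h1>"
    "<p>Unknown call ID: {id}</p></body></html>"
)


def render_error_vulnerable(call_id: str) -> str:
    """The flaw pattern: request-controlled text copied into HTML as-is."""
    return ERROR_TEMPLATE.format(id=call_id)


def render_error_hardened(call_id: str) -> str:
    """Two layers: never echo an ID that fails validation, and
    HTML-escape whatever is echoed (defence in depth)."""
    if CALL_ID_RE.fullmatch(call_id) is None:
        shown = "(rejected)"
    else:
        shown = call_id
    return ERROR_TEMPLATE.format(id=html.escape(shown, quote=True))


def reflects_markup(page: str, probe: str) -> bool:
    """True if the probe appears in the page with its markup intact."""
    return probe in page


# Constructed, harmless probe: a bold tag with a unique marker, no script.
PROBE = "<b>probe-7f3a</b>"

if __name__ == "__main__":
    for render in (render_error_vulnerable, render_error_hardened):
        page = render(PROBE)
        print(f"{render.__name__}: markup reflected = "
              f"{reflects_markup(page, PROBE)}")
```

The same `reflects_markup` check works as a regression test for any error page you maintain that displays request-derived values.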
## Installation
- Step 1: Run this command in a terminal to install the CVE-2023-29489 scanner
```
pip install CVE-2023-29489
```
- Step 2: To check the installation, run the help command to show the options
```
CVE-2023-29489 -h
```
<img src = "cve202329489/Pictures/screenshot2.png" />
## Table
| Options | Description | Examples |
| :--------: | :-------: | :-----------: |
| -u, --url | URL to scan | CVE-2023-29489 -u https://target.com |
| -i, --input | `<filename>` Read input from txt | CVE-2023-29489 -i target.txt |
| -o, --output | `<filename>` Write output in txt file | CVE-2023-29489 -i target.txt -o output.txt |
| -c, --chatid | Creating Telegram Notification | CVE-2023-29489 --chatid yourid |
| -b, --blog | To Read about CVE-2023-29489 Bug | CVE-2023-29489 -b |
| -h, --help | Help Menu | |
## Sample Output
```
v1.0
_______ ________ ___ ____ ___ ___ ___ ________________
/ ____/ | / / ____/ |__ \ / __ \__ \|__ \ |__ \< /__ /__ < /
/ / | | / / __/________/ // / / /_/ /__/ /_______/ // / /_ < / // /
/ /___ | |/ / /__/_____/ __// /_/ / __// __/_____/ __// /___/ / / // /
\____/ |___/_____/ /____/\____/____/____/ /____/_//____/ /_//_/
Developed By https://cappriciosec.com
CVE-2022-21371 : Bug scanner for WebPentesters and Bugbounty Hunters
$ CVE-2022-21371 [option]
Usage: CVE-2022-21371 [options]
Options:
-u, --url URL to scan CVE-2022-21371 -u https://target.com
-i, --input <filename> Read input from txt CVE-2022-21371 -i target.txt
-o, --output <filename> Write output in txt file CVE-2022-21371 -i target.txt -o output.txt
-c, --chatid Creating Telegram Notification CVE-2022-21371 --chatid yourid
-b, --blog To Read about CVE-2022-21371 Bug CVE-2022-21371 -b
-h, --help Help Menu
```
<img src="cve202329489/Pictures/Screenshot3.png" width=100% />
<h3 align="left">Languages and Tools:</h3>
<p align="left"> <a href="https://www.python.org" target="_blank" rel="noreferrer"> <img src="https://raw.githubusercontent.com/devicons/devicon/master/icons/python/python-original.svg" alt="python" width="40" height="40"/> </a> </p>
## Author
[@karthi-the-hacker](https://github.com/karthi-the-hacker)
## Contact with Cappricio Securities
Website : [https://cappriciosec.com/](https://cappriciosec.com/)
Email : contact@cappriciosec.com
File snapshot
[4.0K] /data/pocs/dbc95caaaebd15574938e843098a3022c93e64bb
├── [4.0K] cve202329489
│ ├── [4.0K] includes
│ │ ├── [ 677] bot.py
│ │ ├── [ 483] filereader.py
│ │ ├── [ 0] __init__.py
│ │ ├── [2.2K] scan.py
│ │ └── [ 285] writefile.py
│ ├── [ 0] __init__.py
│ ├── [1.8K] main.py
│ ├── [4.0K] Pictures
│ │ ├── [8.6K] screenshot1.png
│ │ ├── [ 28K] screenshot2.png
│ │ └── [ 15K] Screenshot3.png
│ └── [4.0K] utils
│ ├── [1.9K] configure.py
│ ├── [ 697] const.py
│ ├── [2.2K] helpers.py
│ ├── [ 0] __init__.py
│ └── [ 227] status.py
├── [1.0K] LICENSE
└── [3.6K] README.md
4 directories, 17 files