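I. Basic information for vulnerability CVE-2023-29489
Vulnerability title
N/A
Source: AIGC Shenlong large model
Vulnerability description
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID (SEC-669). Fixed versions: 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Source: AIGC Shenlong large model
CVSS information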
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
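Source: AIGC Shenlong large model
Vulnerability type
N/A
Source: AIGC Shenlong large model
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Source: U.S. National Vulnerability Database (NVD)
CVSS information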
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
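Source: U.S. National Vulnerability Database (NVD)
Vulnerability type
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
cPanel cross-site scripting vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
cPanel is a web-based automated hosting platform from the U.S. company cPanel. The platform is mainly used to automate the management of websites and servers. A security vulnerability exists in cPanel versions before 11.109.9999.116. An attacker can exploit this vulnerability to carry out cross-site scripting attacks.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability type
Cross-site scripting
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public POCs for vulnerability CVE-2023-29489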
| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | Nuclei template for CVE-2023-29489 | https://github.com/learnerboy88/CVE-2023-29489 | POC details |
| 2 | None | https://github.com/xKore123/cPanel-CVE-2023-29489 | POC details |
| 3 | a python script to test all results from shodan for cPanel CVE-2023-29489, credits to @assetnote, I just automate | https://github.com/ipk1/CVE-2023-29489.py | POC details |
| 4 | None | https://github.com/Mostafa-Elguerdawi/CVE-2023-29489.yaml | POC details |
| 5 | None | https://github.com/Mostafa-Elguerdawi/CVE-2023-29489 | POC details |
| 6 | Scanner CVE-2023-29489 Python (Selenium) | https://github.com/haxor1337x/Scanner-CVE-2023-29489 | POC details |
| 7 | To filter the actual vulnerable URLs from the screenshots, you can use the ee.sh script. Simply run ./ee.sh -f "path/to/index_screenshot.txt" -k "hacked" and the script will filter the URLs that contain the reflective XSS payload (For Example: cPanel CVE-2023-29489 ) in their screenshots. | https://github.com/whalebone7/EagleEye | POC details |
| 8 | CVE-2023-29489 mass exploit | https://github.com/1337r0j4n/CVE-2023-29489 | POC details |
| 9 | CVE-2023-29489-XSS | https://github.com/Abdullah7-ma/CVE-2023-29489 | POC details |
| 10 | None | https://github.com/tucommenceapousser/CVE-2023-29489 | POC details |
| 11 | None | https://github.com/tucommenceapousser/CVE-2023-29489.py | POC details |
| 12 | Mass Exploitation For (CVE-2023-29489) | https://github.com/ViperM4sk/cpanel-xss-177 | POC details |
| 13 | None | https://github.com/S4muraiMelayu1337/CVE-2023-29489 | POC details |
| 14 | SynixCyberCrimeMY CVE-2023-29489 Scanner By SamuraiMelayu1337 & h4zzzzzz@scc | https://github.com/SynixCyberCrimeMy/CVE-2023-29489 | POC details |
| 15 | None | https://github.com/Makurorororororororo/Validate-CVE-2023-29489-scanner- | POC details |
| 16 | This Tool is used to check for CVE-2023-29489 Vulnerability in the provided URL with the set of payloads available | https://github.com/prasad-1808/tool-29489 | POC details |
| 17 | None | https://github.com/Praveenms13/CVE-2023-29489 | POC details |
| 18 | cpanel_xss_2023 is a simple Python script designed for finding CVE-2023-29489 vulnerability in cpanel. | https://github.com/mdaseem03/cpanel_xss_2023 | POC details |
| 19 | CVE-2023-29489 exploit | https://github.com/some-man1/CVE-2023-29489 | POC details |
| 20 | An issue was discovered in cPanel before 11.109.9999.116. Cross-Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. | https://github.com/Cappricio-Securities/CVE-2023-29489 | POC details |
| 21 | None | https://github.com/md-thalal/CVE-2023-29489 | POC details |
| 22 | Mass Scanning vulnerability in Cpanel [XSS] | https://github.com/0-d3y/CVE-2023-29489 | POC details |
III. Intelligence on vulnerability CVE-2023-29489