漏洞平台

POC详情： 2996bfd847b72eb67c00c5277e739f48dd3b8e68

来源

https://github.com/mdaseem03/cpanel_xss_2023

关联漏洞

标题： Cpanel 跨站脚本漏洞 (CVE-2023-29489)
描述：Cpanel是美国Cpanel公司的一套基于Web的自动化主机托管平台。该平台主要用于自动化管理网站和服务器。 Cpanel 11.109.9999.116之前版本存在安全漏洞。攻击者利用该漏洞可以执行跨站脚本攻击。

描述

cpanel_xss_2023 is a simple Python script designed for finding CVE-2023-29489 vulnerability in cpanel.

介绍


## About the Tool ⚒️

`cpanel_xss_2023` is a simple Python script designed for finding CVE-2023-29489 vulnerability and exploitability in cpanel.

![Working](assets/images/working.jpg)

## Features ⚙️

- **CVE-2023-29489 Scanning:** Identifies and scans for the CVE-2023-29489 vulnerability and exploitation.
- **URL Input:** Supports scanning a single URL or reading multiple URLs from a file.
- **Output Logging:** Allows users to write the scan results to an output file.
- **Telegram Notification:** Option to create Telegram notifications for scan results.

## Prerequisites 🧩

Before using `cpanel_xss_2023`, make sure you have the following prerequisites installed:

1. **Python 3.x**: Ensure you have Python 3.x installed on your system.

   - [Download Python](https://www.python.org/downloads/)

2. **Required Python Packages**:

   - **Click**: Install the `click` library using the following command:

     ```bash
     pip install click
     ```

   - **Requests**: Install the `requests` library using the following command:

     ```bash
     pip install requests
     ```

   - **PyYAML**: Install the `PyYAML` library using the following command:

     ```bash
     pip install PyYAML
     ```

3. **Telegram Notification (Optional)**:

   If you plan to use the Telegram notification feature, you'll need to set up a Telegram bot and obtain your chat ID. Follow these steps:

   - Create a Telegram bot using the [BotFather](https://core.telegram.org/bots#botfather).
   - Obtain your chat ID using the [get_id_bot](https://t.me/get_id_bot).

## Installation ⬇️

```bash
pip install cpanel-xss-2023
sudo cp ~/.local/bin/cpanel_xss_2023 /usr/bin
```

## Usage 🚀

```bash
cpanel_xss_2023 -u https://example.com
cpanel_xss_2023 -i urls.txt -o results.txt
cpanel_xss_2023 -u https://example.com -c your_telegram_chat_id
```

## Help Menu ❓

![Help](assets/images/help.jpg)

- `u, --url:` Specify the URL to scan for the CVE-2023-29489 vulnerability.
Example: cpanel_xss_2023 -u https://target.com

- `i, --input:` Read input URLs from a file.
Example: cpanel_xss_2023 -i target.txt

- `o, --output:` Write scan results to an output file.
Example: cpanel_xss_2023 -i target.txt -o output.txt

- `c, --chatid:` Create Telegram notifications for scan results.
Example: cpanel_xss_2023 --chatid your_telegram_chat_id

- `h, --help:` Display the help menu.

## PyPi Module Link
[Link](https://pypi.org/project/cpanel-xss-2023/)

## Disclaimer ⚠️
This script is intended for educational and ethical purposes only. Unauthorized use of this script to perform malicious activities is strictly prohibited. The developers are not responsible for any misuse or damage caused by this script.

## Version History 🕒
- `v1.0`: Find CVE-2023-29489 in cpanel
- `v1.1`: Find whether the endpoint is exploitable or not


### Profile Views 👁️
![](https://komarev.com/ghpvc/?username=mdaseem03&color=lightgrey&style=flat-square&label=VIEWS+COUNT)

## License 🪪
[![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](https://choosealicense.com/licenses/mit/)

## Author 👤
[@mdaseem03](https://github.com/mdaseem03)

## Connect at 💬
<a href="https://www.linkedin.com/in/mohammed-aseem%F0%9F%8E%96-11baa6217/" target="blank"><img align="center" src="https://raw.githubusercontent.com/rahuldkjain/github-profile-readme-generator/master/src/images/icons/Social/linked-in-alt.svg" alt="cyberspartan" height="30" width="40" /></a>
<a href="https://www.instagram.com/mdaseem_03" target="blank"><img align="center" src="https://raw.githubusercontent.com/rahuldkjain/github-profile-readme-generator/master/src/images/icons/Social/instagram.svg" alt="karthithehacker" height="30" width="40" /></a>

文件快照


 [4.0K]  /data/pocs/2996bfd847b72eb67c00c5277e739f48dd3b8e68
├── [4.0K]  assets
│   └── [4.0K]  images
│       ├── [ 71K]  help.jpg
│       └── [ 32K]  working.jpg
├── [4.0K]  includes
│   ├── [ 654]  bot.py
│   ├── [ 499]  filereader.py
│   ├── [   0]  __init__.py
│   ├── [4.0K]  __pycache__
│   │   ├── [1.2K]  bot.cpython-311.pyc
│   │   ├── [1.2K]  filereader.cpython-311.pyc
│   │   ├── [ 188]  __init__.cpython-311.pyc
│   │   ├── [3.3K]  scan.cpython-311.pyc
│   │   └── [ 811]  writefile.cpython-311.pyc
│   ├── [1.9K]  scan.py
│   └── [ 305]  writefile.py
├── [ 216]  __init__.py
├── [1.0K]  LICENSE
├── [1.5K]  main.py
├── [3.6K]  README.md
└── [4.0K]  utils
    ├── [1.9K]  configure.py
    ├── [ 530]  const.py
    ├── [2.1K]  helpers.py
    ├── [   0]  __init__.py
    └── [4.0K]  __pycache__
        ├── [3.9K]  configure.cpython-311.pyc
        ├── [1.1K]  const.cpython-311.pyc
        ├── [2.6K]  helpers.cpython-311.pyc
        └── [ 185]  __init__.cpython-311.pyc

6 directories, 24 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。