CVE-2023-29489 PoC — cPanel Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
Title: cPanel Cross-Site Scripting Vulnerability (CVE-2023-29489)
Description: An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Readme
<h1 align="center">CVE-2023-29489</h1>

<p align="center">
CVE-2023-29489 is a security vulnerability recorded in the Common Vulnerabilities and Exposures (CVE) system. It affects cPanel, a popular hosting management software, and allows cross-site scripting (XSS) attacks through specially crafted requests.
</p>
<h1 align="center">Details about CVE-2023-29489</h1>
<p align="center">
This vulnerability allows attackers to execute malicious JavaScript code in a user's browser 💻 through specially crafted requests sent to the cPanel interface. This can lead to the theft of sensitive information 🔒, such as session cookies, or the performance of unauthorized actions 🚫 on behalf of the user.
Severity ⚠️

According to the Common Vulnerability Scoring System (CVSS) scale, this vulnerability is rated as medium (approximately 5.4/10, depending on implementation).
Affected Versions 🗓️

cPanel versions before 11.109.9999.116 that lack the security update. The fixed versions listed in the description above are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Recommendation 🛡️

Users should update cPanel to the latest version to patch this vulnerability. The cPanel provider has already released a fix to address the issue.
Disclosure Date 📅

The vulnerability was publicly disclosed around April 2023.</p>
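
A defender-side patch check built from the fixed versions listed in the description above, added here as an example (it is not part of the original README or the tool). It assumes four-part version strings; the host names are constructed, and the `no-listed-fix` label for branches the description does not mention is an assumption.

```python
# Added example: branch-aware patch check for CVE-2023-29489.
# FIXED holds the fixed versions quoted in the vulnerability description,
# keyed by release branch (the first two version components).
FIXED = {
    (11, 102): (11, 102, 0, 31),
    (11, 106): (11, 106, 0, 18),
    (11, 108): (11, 108, 0, 13),
    (11, 109): (11, 109, 9999, 116),
}
NEWEST_FIXED = max(FIXED.values())


def parse_version(text):
    """Parse a four-part version such as '11.108.0.13' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unexpected cPanel version format: {text!r}")
    return tuple(int(p) for p in parts)


def patch_status(text):
    """Return 'patched', 'vulnerable' or 'no-listed-fix' for a version string."""
    version = parse_version(text)
    if version >= NEWEST_FIXED:
        return "patched"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Assumption: an older branch with no fixed build in the description
        # is reported separately so it gets upgraded to a listed branch.
        return "no-listed-fix"
    return "patched" if version >= fixed else "vulnerable"


# Constructed inventory (hypothetical hosts and versions) for demonstration.
INVENTORY = {
    "host-a.example": "11.108.0.12",
    "host-b.example": "11.108.0.13",
    "host-c.example": "11.104.0.9",
    "host-d.example": "11.110.0.5",
}


def audit(inventory):
    """Map each host to its patch status."""
    return {host: patch_status(v) for host, v in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:18} {INVENTORY[host]:16} {status}")
```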

<h1 align="center">TOOLS EXPLOIT</h1>
<p align="center">
The CVE-2023-29489 Exploit Tool is pretty good... hmm, maybe not as good as some other tools out there, but whatever, it's fine. Its main function is to check websites in bulk for vulnerabilities related to Common Vulnerabilities and Exposures in cPanel, then save the test results. I use Python and leverage colorama and requests in Python to exploit it more powerfully. It adds payloads to test for vulnerabilities ::) yeah, my way of talking is kinda hard to understand, but I don’t care if you get it or not : ) just remember to like my tool, that’s enough, thanks for checking it out.

  # VIDEO
https://github.com/user-attachments/assets/29b174f3-5228-4c0f-a139-ed22a7bf9d58

![photo_2025-06-05_19-03-06](https://github.com/user-attachments/assets/bf6e4dd0-8eb6-4774-93df-de975821c160)
Note: I’m never responsible if you use my tool for illegal activities; it has nothing to do with me.
</p>
<h1 align="center">JOIN THE GROUP</h1>


# TELEGRAM CHANNELS - https://t.me/humanpcc
# REDDIT - https://www.reddit.com/user/luckkystopdz/
# MAILS - luckkystopdz@gmail.com


File Snapshot

[4.0K] /data/pocs/a291a13e2f85fee5899856d98dae1f23c5feeb1c
├── [4.9K] CVE-2023-29489.py
├── [2.4K] README.md
└── [ 17K] site.txt

0 directories, 3 files