# cpanel_29489 Tool

## Overview

The cpanel_29489 tool is designed to identify and test the Cross-Site Scripting (XSS) vulnerability (CVE-2023-29489) in cPanel. This tool allows security professionals to check whether a given URL is susceptible to XSS attacks and provides a way to test different payloads.

## Bug Details

- **CVE ID:** CVE-2023-29489
- **Bug Name:** R-XSS
- **Bug Priority:** Medium
- **Vulnerable URL:** []('karthithehacker'%29%22%3Eaaaaaaaaaaaa)
- **CVE Description:** An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.

## Tool Usage

### Installation

```
pip install -i cpanel-29489
```

### Command Line Options

- `-u` or `--url`: Specify the target URL.
- `-o` or `--output`: Specify the output file to store the results.
- `-p` or `--payload`: Specify the path to a file containing custom XSS payloads.
- `-i` or `--input`: Specify the path to a file containing a list of URLs to test.

### Examples

1. Basic usage with default payload:

   ```
   cpanel_29489 -u -o output.txt
   ```

2. Using custom payload file:

   ```
   cpanel_29489 -u -o output.txt -p
   ```

3. Batch testing from an input file:

   ```
   cpanel_29489 -i /path/to/input.txt -o output.txt
   ```

## Output

The tool generates a detailed output indicating the vulnerable URLs and the payloads that triggered the XSS vulnerability.

## Impact

The impact of an XSS attack can vary depending on the nature of the application. It may range from minimal impact in public, anonymous applications to serious or critical impact in applications with sensitive data or privileged access.

## Remediation

To mitigate the vulnerability, apply the latest security patches or updates provided by cPanel. Per the CVE description above, cPanel versions before 11.109.9999.116 are affected.
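Alongside patching, access logs can be reviewed for requests that probe this bug. The following is an added example, not part of the cpanel_29489 tool: it flags request paths that, once percent-decoded, contain characters able to break out of HTML markup. It assumes Common Log Format lines and that the invalid webcall ID travels in the URL path; `/webcall-placeholder/` is a stand-in path and the log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Characters that let a reflected path value break out of an HTML attribute or tag.
HTML_BREAKOUT = re.compile(r'["<>]')
# Request line of a Common/Combined Log Format entry: "METHOD target PROTOCOL".
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2522) is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path(line):
    """Return the decoded path if it contains HTML breakout characters, else None."""
    match = REQUEST_LINE.search(line)
    if not match:
        return None
    # Assumption: only the path is inspected, because the ID is taken from the path.
    path = decode_fully(urlsplit(match.group("target")).path)
    return path if HTML_BREAKOUT.search(path) else None

def scan(lines):
    """Yield (client_ip, decoded_path) for each log line worth reviewing."""
    for line in lines:
        path = suspicious_path(line)
        if path is not None:
            yield line.split(" ", 1)[0], path

# Constructed sample log lines; /webcall-placeholder/ is a stand-in path, not cPanel's.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/May/2023:10:00:01 +0000] "GET /webcall-placeholder/abc123 HTTP/1.1" 404 512',
    "203.0.113.9 - - [01/May/2023:10:00:05 +0000] \"GET /webcall-placeholder/'karthithehacker'%29%22%3Eaaaaaaaaaaaa HTTP/1.1\" 400 734",
    '198.51.100.4 - - [01/May/2023:10:01:12 +0000] "GET /webcall-placeholder/x%2522%253Ey HTTP/1.1" 400 701',
    '198.51.100.8 - - [01/May/2023:10:02:30 +0000] "GET /index.html?q=%22quoted%22 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, path in scan(SAMPLE_LOG):
        print(f"{ip} requested path with HTML breakout characters: {path}")
```

Hits are leads for review rather than proof of exploitation; matching them against the server's version at the time shows whether the request could have been reflected.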

## Contact

- **POC by:** @karthithehacker

## Deadline

The deadline for this task is Monday.

## Disclaimer

This tool is developed for educational and testing purposes. Use it responsibly and ensure you have proper authorization before testing any system.