Exploiting these issues could allow the attacker to execute arbitrary local files, obtain sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and bypass certain security restrictions to perform unauthorized actions.
Proof of Concept and Security Exploits:
Attackers can use a browser to exploit these issues. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting user into following a malicious URI.
The following exploit URIs are available:
http://www.example.com/dispatch.php (GET: atklevel, atkaction, atkstackid, atkselector, atkfilter, searchString)