OverLook Cross-site Scripting Vulnerability

ANATOLIA SECURITY ADVISORY

ADVISORY INFO

• Title: OverLook Cross-site Scripting
• Advisory URL: http://anatoliasecurity.com/Blog/Detay.aspx?bId=2
• Advisory ID: 2010-002
• Version: v5.0
• Date: 06/10/2010
• Impact: Execute Malicious Javascript Codes
• CWE-ID: 79
• Credit: Anatolia Security

VULNERABLE PRODUCT

• Description: "Overlook is a modern system of communication licensed of GPL (GNU Public License), which puts at disposal by the user the webmail and webcalendar
  functionalities.Since the release of the version in November 2006, downloads have exceeded the threshold of 2.000, transforming Overlook on one of the most popular
  groupware applications."
• Homepage: http://www.openit.it
• Download: http://www.openit.it/index.php?option=com_jdownloads&Itemid=87&task=viewcategory&catid=3&lang=en

VULNERABILITY DETAILS

• Description: "title.php" gets "frame" parameter with sqgetGlobalVar function. sqgetGlobalVar function apply decodeHTML function to variable. This function decode
  HTML tags so its make a chance to succesfull exploitation with some browser (e.g. Mozilla Firefox encodes HTML tags). After that application include "frame"
  variable into inline javascript code.

• Exploit/POC: http://www.anatoliasecurity.com/exploits/overlook-xss-poc.txt