Several Vodafone sites vulnerables to XSS

begood · September 29, 2010

Several Vodafone sites vulnerables to XSS flaws, could aid phishing attacks

Vodafone.com , Vodafone.ro , Vodafone.com.tr , Vodafone.com.au , Vodafone.es , Vodafone.it , Vodafone.gr , Vodafone.ie , Vodafone.in , Vodafone.de , Vodafone.co.uk

Proof of concept:

https://www.vodafone.ro/mydomain/shop/voda.signup.cgi?pageid=print_moreinfo&id=XSS

http://runners.vodafone.com/wp-content/plugins/post-star-rating/psr-ajax-stars.php?p=XSS

https://wlan.net.vodafone.it/vfile/pwlan/pages/otp/login_partner.jsp?LoginURL=login.linkem.com/sd/login&AccessLocation=isocc=it,cc=39,ac=06,network=linkem&LogoffURL=x&LocationName=XSS

https://club2020.mi.vodafone.es/rascaygana/mailing/mail_alta.php?telefono_encriptado=XSS

Vodafone Handyfinder 2.1 XSS

http://portal.vodafone.gr/vodafonenet/register/newRegister/holSSOlogin.jsp?action2=XSS

http://live.vodafone.com.tr/galleryimages/watch.php?url=http://live.vodafone.com.tr/galleryimages/rockncoke/videos/rnc_video_03.flv&keepThis=true&TB_iframe=true&height=XSS

QLD Coverage Map XSS

Search Results for:XSS

Control Panel XSS

And SQL Injection on http://mediacentre.vodafone.co.uk

Poc:

Vodafone Media Hub SQL Injection

xss works also!

All proof of concept still works,Be careful !

Security-Shell: Several Vodafone sites vulnerables to XSS

boradarius · September 29, 2010

https://online.vodafone.co.uk

vodafone-vfmrc2010

kevin@flowdigital.com-vfmrc

dar nu gasesc pagina de admin

September 29, 2010

good job,thks! Se pot face bani...

Sign In

Several Vodafone sites vulnerables to XSS

Recommended Posts

begood

boradarius

Guest User Name

Join the conversation

Browse

Activity

Pages