TUCoPS :: Web :: Apps :: b06-2520.htm

Vodafone XSS vuln
XSS Vulnerability on Vodafone
XSS Vulnerability on Vodafone


Some link on the website Vodafone.de contains =0D
a little vulnerability that could be used for =0D
illegal purposes.=0D
=0D
It could be used for phishing or other purposes.=0D
=0D
hxxp:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]=0D
=0D
hxxps:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]=0D
=0D
Actually it's a page that's used for getting =0D
your unlock code for a VPA IV.=0D
It's limited to 15 input characters, =0D
but it's easily bypassed by looking at =0D
the source of the page and searching for =0D
the little page where the input goes.=0D
=0D
I hope they fix this "little" big problem.=0D
=0D
O.G.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH