BugTraq
Back to list
|
Post reply
XSS Vulnerability on Vodafone
May 24 2006 09:36PM
try_og hotmail com
Some link on the website Vodafone.de contains
a little vulnerability that could be used for
illegal purposes.
It could be used for phishing or other purposes.
hxxp:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]
hxxps:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]
Actually it's a page that's used for getting
your unlock code for a VPA IV.
It's limited to 15 input characters,
but it's easily bypassed by looking at
the source of the page and searching for
the little page where the input goes.
I hope they fix this "little" big problem.
O.G.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
a little vulnerability that could be used for
illegal purposes.
It could be used for phishing or other purposes.
hxxp:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]
hxxps:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]
Actually it's a page that's used for getting
your unlock code for a VPA IV.
It's limited to 15 input characters,
but it's easily bypassed by looking at
the source of the page and searching for
the little page where the input goes.
I hope they fix this "little" big problem.
O.G.
[ reply ]