XSS Vulnerability on Vodafone
A link on the website Vodafone.de contains
a little vulnerability that could be used for
illegal purposes, such as phishing.
hxxp:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]
hxxps:// website /simlock/servlets/sim?IMEI=[XSS-Code Here]
The page is actually used for getting
your unlock code for a VPA IV.
The input is limited to 15 characters,
but the limit is easily bypassed by looking at
the source of the page and finding
the little page where the input goes.
I hope they fix this "little" big problem.
O.G.
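
Added example (not part of the original post, and not Vodafone's code): a server-side check for the IMEI parameter described above, written in Python. Because the 15-character limit exists only in the form, the handler re-validates the value itself and never writes a rejected value back into the page; `validate_imei`, `render_response` and all sample values are constructed for illustration.

```python
import html
import re

# ASCII digits only: \d would also accept non-ASCII Unicode digits.
IMEI_RE = re.compile(r"[0-9]{15}")


def luhn_ok(digits):
    """Luhn checksum; the 15th IMEI digit is the check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_imei(raw):
    """Return the IMEI if it is exactly 15 ASCII digits with a valid
    check digit, otherwise None. Runs on the server, so a browser-side
    length limit is irrelevant to the result."""
    if not isinstance(raw, str):
        return None
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if IMEI_RE.fullmatch(raw) is None:
        return None
    return raw if luhn_ok(raw) else None


def render_response(raw):
    """Build (status, html_body) for a hypothetical lookup page."""
    imei = validate_imei(raw)
    if imei is None:
        # Fixed message: the rejected value is never echoed.
        return 400, "<p>Invalid IMEI.</p>"
    # Escape even validated data, so the output stays safe if the
    # validation rule is ever loosened.
    return 200, "<p>IMEI: " + html.escape(imei, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed inputs: a well-formed IMEI, a bad check digit, markup.
    for sample in ["490154203237518", "490154203237519", '"><i>test</i>']:
        print(repr(sample), "->", render_response(sample))
```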