Sunday, November 1, 2009

Vodafone India XSS Vulnerability Disclosure

Dear All,

So it's 1st Nov. 09 and I was paying my mobile bill using Vodafone online payment.

Now, while doing that, I noticed the big banner advertising that they are PCI DSS certified by SISA for its Mumbai operations. Now I guess that they are advertising it on the website, so the website is also included in the PCI DSS cert. Just a guess, because online payment is a crucial part and I think that it should be included while testing for PCI DSS...



So I decided to do some time pass on the website and, as usual, this one is also vulnerable to XSS. Now, what I know about the PCI DSS cert is that if injection or XSS is possible in any of the given applications, then you will not get the PCI DSS cert. It is considered an NC. Even 1 vulnerable entry is considered an NC.

Have a look,

Any comments?


1 comment:

Matrix said...

You rock, dude, go on, make it big... waiting for more awareness!!!!