
Weak Security and Vulnerabilities in the Portuguese Government's Auth System - iluxonchik
https://iluxonchik.github.io/weak-security-of-portuguese-government/
======
mmoura11s
Is the XSS exploitable? Can you insert data in the phone field via a form
submit or URL param? Seems like the attack requires exceedingly unlikely user
interaction.

Did you contact the Portuguese National Data Protection Agency? If you can
leak phone numbers, they should be informed.

Cool findings :)

~~~
iluxonchik
Thank you :)

Regarding the XSS attack, I have the answer here:
[https://iluxonchik.github.io/chave-movel-digital-
xss/#commen...](https://iluxonchik.github.io/chave-movel-digital-
xss/#comment-3900328496)

I did not, thank you for suggesting, I will do it now.

------
vmateixeira
When your cousin's software consultancy company is hired...

