Showing posts with label nasa.

Wednesday, March 11, 2009

Advisory updates: Q1 2009 and a few more ...

Advisory updates, First Quarter, 2009, and a few from 2008.



DMOZ search's XSS was found two months back, and NASA's XSS at the Goddard Space Flight Center was found exactly a month ago.

The other findings, on the Myspace, AVG antivirus and ESET antivirus websites, are also not fixed yet, even though these websites have a good user base and are expected to fix quickly.

HSBC hasn't fixed their bug just yet, but that is obvious: they're a bank and they want money, not security ;)

The Indian government website has removed the page with the input sanitization problems instead of fixing it. Still not bad; they've taken some measures to keep attackers at bay.

Cheers :)
Kish

Tuesday, February 10, 2009

Fresh stock: XSS in NASA

###############################
# Website: http://www.nasa.gov
# Open source & NASA
# Bug: XSS
# Date: 10.02.09
#############################



Vulnerable URL: hxxp://opensource.gsfc.nasa.gov/feedback.php
POST-based XSS: any field

Click here for POST request

Fix: validate input in all fields and HTML-encode it before it is echoed back into the page.

Cheers,
Kish

Tuesday, January 27, 2009

NASA fixed the XSS

Well, well, well, it is that time of the day again, when a demo on NASA fails ... ;)

They fixed the bug in 3 days, which is not bad ...

Cheers,
Kish

Saturday, January 24, 2009

XSS in NASA website, again

#########################################
# Website: http://www.nasa.gov
# It's time to know more about astronauts and gravity
# Bug: XSS
# Date: 24.01.09
########################################


Vulnerable URL: hxxp://astrogravs.nasa.gov

Click here for the demo

Fix: validate input on the page and encode it before it is reflected.

Cheers :)
Kish

Thursday, October 2, 2008

OMG, Fixed ?

Well, well, well... something unexpected: NASA and WebSense have fixed the bugs, which is a positive move.

Maybe full disclosure and old-school publicity force people to fix? You bet they do ;)

Cheers :)
Kish

Thursday, March 27, 2008

XSS in NASA website

Advisory #1 (2008)

#############################
# Website: www.nasa.gov
# Bug: XSS - Cross Site Scripting
# Date: 25.03.08
#############################

Vulnerable URL: hxxp://search.nasa.gov/search/search

Click here for demo (XSS)

Fix: validate input correctly for each and every dynamic parameter on the page, and encode it before it is reflected. Also check the ISAPI filters, for we're still out here and looking...

Cheers :)
Kish
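The feedback.php advisory above (POST-based XSS in any field) and the search.nasa.gov advisory (a reflected query parameter) share one root cause: user-supplied strings written into HTML without encoding. The block below is an added example, not code from the original posts or from NASA. Since the page does not show either server's source, the two handlers are hypothetical stand-ins that reproduce the described behaviour beside a hardened version, and the per-field canary probe is the check a tester would run to justify a claim like "any field". Field names (`name`, `email`, `comments`, `q`) and page markup are assumptions.

```python
# Added example, not code from the original advisories or from NASA: a minimal
# model of the two bugs the page reports (feedback.php reflecting every POST
# field; a search page reflecting its query parameter), each beside a hardened
# version, plus the per-field canary probe a tester would use to establish
# "POST-based XSS: any field". Handler code, field names (name, email,
# comments, q) and page markup are all assumptions; the real sources are not
# on the page.
from html import escape
import uuid


def render_feedback_vulnerable(fields):
    """feedback.php stand-in (assumed): echoes each submitted field, unencoded."""
    rows = "".join(f"<li>{name}: {value}</li>" for name, value in fields.items())
    return f"<h1>Thanks for your feedback</h1><ul>{rows}</ul>"


def render_feedback_hardened(fields):
    """Same page with the fix: every untrusted string is HTML-entity-encoded
    for the element-body context before it is written into the page. Field
    names come from the client too, so they are encoded as well."""
    rows = "".join(
        f"<li>{escape(name, quote=True)}: {escape(value, quote=True)}</li>"
        for name, value in fields.items()
    )
    return f"<h1>Thanks for your feedback</h1><ul>{rows}</ul>"


def render_search_vulnerable(params):
    """Search page stand-in (assumed): reflects q into an attribute and a text node."""
    q = params.get("q", "")
    return f'<input name="q" value="{q}"><p>Results for {q}</p>'


def render_search_hardened(params):
    """quote=True matters here: inside value="..." a bare double quote breaks
    out of the attribute even when < and > are encoded."""
    q = escape(params.get("q", ""), quote=True)
    return f'<input name="q" value="{q}"><p>Results for {q}</p>'


def find_reflected_fields(render, field_names):
    """Submit a unique canary in one field at a time (the others hold a benign
    value) and report the fields whose canary comes back byte-for-byte, i.e.
    with its quote and angle brackets unencoded. Unencoded reflection is the
    precondition for XSS; confirming execution in a browser is the next step.
    `render` stands in for the HTTP round trip so the example runs offline."""
    reflected = []
    for name in field_names:
        token = uuid.uuid4().hex[:8]
        canary = f'"><xss{token}>'
        fields = {n: (canary if n == name else "benign") for n in field_names}
        if canary in render(fields):
            reflected.append(name)
    return reflected


if __name__ == "__main__":
    post_fields = ["name", "email", "comments"]
    print("vulnerable feedback:", find_reflected_fields(render_feedback_vulnerable, post_fields))
    print("hardened feedback:  ", find_reflected_fields(render_feedback_hardened, post_fields))
    print("vulnerable search:  ", find_reflected_fields(render_search_vulnerable, ["q"]))
    print("hardened search:    ", find_reflected_fields(render_search_hardened, ["q"]))
```

The advisories' "fix input validation" is only half the fix: validation can reject obviously hostile input, but the bug is closed by encoding output for the context it lands in (element body versus attribute value), which is what the hardened handlers do. Rotating the canary per field also tells the tester which field is reflected, rather than only that something is.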