NASA Full-Disclosure! AGAIN
Posted by isrtinkode on February 19, 2010
_ _ _ _
| \ | | __ _ ___ __ _ / \ __ _ __ _(_)_ __
| \| |/ _` / __|/ _` | / _ \ / _` |/ _` | | '_ \
| |\ | (_| \__ \ (_| | / ___ \ (_| | (_| | | | | |
|_| \_|\__,_|___/\__,_| /_/ \_\__, |\__,_|_|_| |_|
|___/
#Full Disclosure... c0de.breaker
#Important
Ok. First of all, the reason I made this SQLi public ( even though I had no intention to make this ) , is because I found out that somebody else discovered the vulnerable parameter.I found this SQLi 3 months ago.
# Why do I test websites?
Because it is my hobby , and I want to prove that even the big websites, which should be highly secured, can be hacked. This is the reality , and it makes me sad.I feeling alright about what I’m doing, because if anyone finds a vulnerability before me , he/she could use it in harmful ways such as: shelling , rooting , backdooring , deleting etc
Ok. First of all, the reason I made this SQLi public ( even though I had no intention to make this ) , is because I found out that somebody else discovered the vulnerable parameter.I found this SQLi 3 months ago.
# Why do I test websites?
Because it is my hobby , and I want to prove that even the big websites, which should be highly secured, can be hacked. This is the reality , and it makes me sad.I feeling alright about what I’m doing, because if anyone finds a vulnerability before me , he/she could use it in harmful ways such as: shelling , rooting , backdooring , deleting etc
The WebSite Vulnerable: http://saif-1.larc.nasa.gov (CEOS Systems Analysis Database)
Testing:
Informations:
#Version: 5.1.31-community
#User: *******
#Main Database: *******
#Path of MySQL: C:\Documents and Settings\All Users\Application Data\MySQL\MySQL Server 5.1\Data\
Also, the magic_quotes_gpc=OFF, and “user” from mysql have all privileges:
Bad…
Other Databases:
#ceossadb
#information_schema
#mysql
#ceosvis
Tables from “ceosvis” database:
#instrument
#takes
#measurement
#contains
#mission
Tables from main Database:
#agency
#alt_names
#cat_measurements
#cat_missions
#cat_series
#cat_wavebands
#ceosdbversion
#constellations
#data_access_links
#db_update_phases
#ecv
#instr
#instr_agencies
#instr_desc
#instr_geometry
#instr_maturity
#instr_mission
#instr_res_swath_temp
#instr_sampling
#instr_status
#instr_status_biz
#instr_technology
#instr_technology_rawdata
#instr_type
#instr_waveband
#mappedor1
#measurement_confidence
#measurement_desc
#measurement_type
#measurementtypesconfidencepilot
#measurementtypespending
#method
#mission_agencies
#mission_status
#missions
#obs_requirments
#orbit_sense
#orbit_type
#requirements
#series
#series_agency
#series_missions
#societal_benefits
#sys_diagrams
#taxonomy
#typeatmosphere
#typereqapplication
#typerequirementsource
#typesmeasurementsconfidencepilot
#wmo_measurement
I made this public, because I saw the website down, and I think the administrators will fix the vulnerability once someone reports the problem. (sorry because i didn’t make this first, if was that)
Posts
