
Sunday, February 5, 2012

TinKode-NASA vulnerable to MSSQL Injection


NASA vulnerable to MSSQL Injection

Posted by isrtinkode on February 19, 2010
 _   _                   __  __  _____ _____  ____  _      _
| \ | |                 |  \/  |/ ____/ ____|/ __ \| |    (_)
|  \| | __ _ ___  __ _  | \  / | (___| (___ | |  | | |     _
| . ` |/ _` / __|/ _` | | |\/| |\___ \\___ \| |  | | |    | |
| |\  | (_| \__ \ (_| | | |  | |____) |___) | |__| | |____| |
|_| \_|\__,_|___/\__,_| |_|  |_|_____/_____/ \___\_\______|_|

   #Nasa vulnerable again (MSSQLi)@c0de.breaker
Hello, unfortunately I found another serious vulnerability in NASA, more precisely an MSSQL Injection.
I admit that this time it was harder to make the injection.
It is the fourth time this happens, but nothing can surprise me anymore. As always, I showed no interest in the content of the website.
I hope this is the last time I see these kinds of vulnerabilities.
Link: www.gltrs.grc.nasa.gov
Testing:


As you can see, this time I didn’t hide the vulnerable parameter, mainly because it can be easily found on Google with filetype:aspx.
Main Information:
#Version: Microsoft SQL Server
#Operating system: Windows
#Web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.7
#Main Database: RDP
#Current User: RDP_Ext_RA
Tables from main database “RDP”:
#Abstract
#Author
#AuthorTypeLookup
#RDPLibrary
#RDPTemp
#ReportTemplateLookup
#ReportTypeLookup
#RptTempDistLookup
#RDP
All databases (92):
As a last remark:
I hope my findings aren’t all for nothing, and that NASA will do a complete inspection on all their websites.