Sunday, February 5, 2012

TinKode-NASA website security issues


NASA website security issues

Posted by isrtinkode on February 19, 2010
     _   _           _____
    | \ | |   /\    / ____|  /\
    |  \| |  /  \  | (___   /  \
    | . ` | / /\ \  \___ \ / /\ \
    | |\  |/ ____ \ ____) / ____ \
    |_| \_/_/    \_\_____/_/    \_\
      #TinKode@Romania

            The Center for Aerosol Research at NASA's Goddard Space Flight Center

                                    
The Goddard Space Flight Center (GSFC) is a major NASA space research laboratory established on May 1, 1959 as NASA’s first space flight center. GSFC employs approximately 10,000 civil servants and contractors, and is located approximately 6.5 miles (10.5 km) northeast of Washington, D.C. in Greenbelt, Maryland, USA. GSFC, one of ten major NASA field centers, is named in recognition of Dr. Robert H. Goddard (1882-1945), the pioneer of modern rocket propulsion in the United States.
Vulnerable website: http://aerocenter.gsfc.nasa.gov
I want to say that it was very hard to make this injection.
The webserver had good protection but wasn’t fully secured.
This kind only works manually, you can’t do it with apps.
In this picture you can see the visible columns:
Main information:
#Version:5.0.82-log
#User:carwww@localhost
#Database:aerocenter
#Datadir:/var/mysql/
Here we can see all databases:
[1] information_schema
[2] aerocenter
[3] car
[4] test
In this screenshot are all tables from all databases:
I don’t know exactly which database the tables are from… so I think I have not split them very well.
Tables from “aerocenter” database:
[1] files
[2] milagro_users
[3] modis_wshop
[4] news
[5] news_files
[6] personnel
[7] siteupdate
[8] test
[9] users
[10] workshop_files
[11] yoram2007
[12] yoram2007_agenda
Tables from “car” database:
[1] car_content
[2] car_data_info
[3] car_data_missions
[4] car_data_overview
[5] car_data_quicklooks
[6] car_files
[7] car_homefeature
[8] car_homefeature_title
[9] car_homeimage
[10] car_homemission
[11] car_images
[12] car_news
[13] car_news_files
[14] car_pers_ordering
[15] car_personal_pages
[16] car_personnel
[17] car_publications
[18] car_publications_authors
[19] car_publications_coauthors
[20] car_sections
[21] car_siteupdate
[22] car_subsections
[23] car_users
Tables from “test” database:
[1] content
[2] homeimage
[3] hometext
[4] images
[5] news
[6] news_files
[7] personnel
[8] publications
[9] publications_authors
[10] publications_coauthors
[11] sections
[12] siteupdate
[13] subsections
[14] users
Columns from all databases:
Here we have the same situation as with the tables…
[1] filename
[2] title
[3] user
[4] actualname
[5] firstname
[6] lastname
[7] username
[8] userpassword
[9] userlevel
[10] status
[11] email
[12] phone
[13] affiliation
[14] focusgroup
[15] flag
[16] date_entered
[17] event_date
[18] time
[19] location
[20] art_title
[21] talk_title
[22] art_content
[23] article_id
[24] rank
[25] cal_lastname
[26] cal_firstname
[27] cal_middlename
[28] cal_email
[29] fax
[30] su_content
[31] last_updated
[32] badge
[33] citizen
[34] country
[35] content
[36] ordering
[37] section_title
[38] subsection_title
[39] header
[40] link_text_before
[41] linked_text
[42] link_url
[43] link_text_after
[44] html
[45] mission_id
[46] flight_number
[47] date
[48] time_flight
[49] time_data
[50] aircraft_type
[51] flight_scientist
[52] lat_long
[53] flight_map_lg
[54] modis_img_lg
[55] goes_img
[56] details
[57] flight_schedule
[58] anim_img_type
[59] static_img_type
[60] modis_credit
[61] flight_track_credit
[62] quicklook_credit
[63] details_credit
[64] modis_anim
[65] modis_aqua
[66] modis_terra
[67] goes_utc
[68] kmz_file
[69] mission_name
[70] year
[71] objective
[72] logo
[73] logo_width
[74] logo_height
[75] table_number
[76] data
[77] flight_num
[78] img_sm
[79] img_lg
[80] content_id
[81] image
[82] image_alt
[83] image_align
[84] active
[85] feature_title
[86] image_caption
[87] image_large
[88] id_ordering
[89] order_id
[90] page_id
[91] pers_id
[92] middlename
[93] profile_active
[94] profile_img
[95] class
[96] onlinestatus
[97] classification
[98] monthdays
[99] found_in
[101] eds
[102] publication
[103] volume
[104] issue
[105] pages
[106] pub_id
[107] author
[108] lab_member_auth
[109] coauthors
[110] lab_member_coauth
[111] sectionTitile
[112] parentSection
[113] cal_login
[114] cal_passwd
[115] profile
[116] profile_img1
[117] profile_img2
Admin accounts:
These hashes are md5() and they can be easily cracked.
Bye, TinKode! :)
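
The closing remark about md5() hashes, seen from the defender's side: the following is an added example, not part of the original post, showing how a site that stores unsalted MD5 digests in a column such as `userpassword` can wrap them in a salted, iterated KDF right away and then upgrade each record at the next successful login. The record format, the function names, the sample row and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: tune to your hardware and latency budget

# Constructed sample row: an unsalted md5() hex digest in a `userpassword` column.
LEGACY_ROW = {"username": "demo_user",
              "userpassword": hashlib.md5(b"correct horse").hexdigest()}

def _kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def _record(scheme: str, secret: bytes) -> str:
    salt = os.urandom(16)  # per-record random salt
    return f"{scheme}${salt.hex()}${_kdf(secret, salt).hex()}"

def wrap_legacy(md5_hex: str) -> str:
    """Bulk migration step: wrap a stored MD5 digest without knowing the password."""
    return _record("md5-pbkdf2", md5_hex.encode())

def hash_new(password: str) -> str:
    """Final format: salted PBKDF2 over the password itself."""
    return _record("pbkdf2", password.encode())

def verify(password: str, stored: str):
    """Return (ok, replacement); replacement is a record to write back, or None."""
    md5_hex = hashlib.md5(password.encode()).hexdigest().encode()
    scheme, _, rest = stored.partition("$")
    if scheme in ("pbkdf2", "md5-pbkdf2"):
        salt_hex, dk_hex = rest.split("$")
        secret = password.encode() if scheme == "pbkdf2" else md5_hex
        ok = hmac.compare_digest(_kdf(secret, bytes.fromhex(salt_hex)),
                                 bytes.fromhex(dk_hex))
        upgrade = ok and scheme == "md5-pbkdf2"
    else:  # bare legacy digest that has not been wrapped yet
        ok = hmac.compare_digest(md5_hex, stored.encode())
        upgrade = ok
    return ok, (hash_new(password) if upgrade else None)
```

Running `wrap_legacy` over every row removes the bare MD5 values from the table in one pass; `verify` then replaces each wrapped record with the final format the first time its owner logs in.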
