Sunday, February 5, 2012

TinKode-NASA 2 Websites Full Access

8:31 PM  Admin  No comments


NASA 2 Websites Full Access

Posted by isrtinkode on February 19, 2010
 _   _
| \ | | __ _ ___  __ _
|  \| |/ _` / __|/ _` |
| |\  | (_| \__ \ (_| |
|_| \_|\__,_|___/\__,_|
      #owned by c0de.breaker
I had access to:
www.istd.gsfc.nasa.gov
www.sed.gsfc.nasa.gov
Some screens:
http://i44.tinypic.com/vnjl10.png
http://i41.tinypic.com/25j9zle.png
http://i37.tinypic.com/294t26t.png
http://i35.tinypic.com/qnpf9y.png
http://i38.tinypic.com/23r5mw.png
http://i37.tinypic.com/2rfe92u.png
http://i35.tinypic.com/a57s5e.png
Informations:
#Version: 5.0.41-community-nt-log
#User: **********.gsfc.nasa.gov
#Principal Database: *****
Tables from “*****” database:
#access
#branch
#docs
#docsbranch
#intro
#programs
Columns from “access” table:
#Id
#firstName
#lastName
#userName
#userID
#passWd
#projAdmin
#branchAdmin
#userAdmin
#userEmail
#deleteFlag
#dateCreated
#dateExp
Admins Accounts:
http://www.istd.gsfc.nasa.gov
[1]c****n:****2b550647
[2]c****n:****457ee5exxx = pass
[3]c****n:****14414xxx
[4]am****s:****df47xxx
[5]m****a:****b668859ca = demo
[6]pm****es:****b668859ca = demo
[7]hb****h:****b410747xxx
[8]rb****rut:****b410747xxx
[9]bw****r:****f299589xxx
[10]j****on:****dc4acc0xxx
[11]j****s:****c4acc0xxx
[12]l****ia:****4746f1dxxx
[13]g****w:****33e5ba3axxx
[14]j****le:****ff639f44xxx
[15]d****k:****0cf29958xxx
[16]A****s:****42fa7cxxx
http://www.sed.gsfc.nasa.gov
[17]l****y:****c17889xxx
[18]k****m:****9040104xxx
[19]j****ch:****dc4acc0xxx
[20]c****rmann:****027e9a6xxx
[21]rw****ey:****d42fa7cxxx
[22]y****e:****6107b5cxxx
[23]s****n:****cf29958xxx
[24]b****i:****dd3b569xxx
[25]lr****y:****410747xxx
[26]e****l:****bf05750xxx
[27]cd****ka:****bb79660xxx
[29]j****es:****e4746f1xxx
[30]r****z:****d75fb3exxx
[31]t****ley:****90f14657de5 = d41d8cd9
[32]e****ks:****d75fb3exxx
[33]ph****es:****6e3e050xxx
[34]pp****an:****0877c779xxx
[35]ac****n:****5eb1a0fexxx
I didn’t want to damage anything. Only to show that nasa subdomains have many SQLI, XSS, vulnerabilities etc
#Finish, c0de.breaker

Read More

TinKode-NASA Full-Disclosure! AGAIN

8:17 PM  Admin  No comments


NASA Full-Disclosure! AGAIN

Posted by isrtinkode on February 19, 2010
 _   _                      _               _
| \ | | __ _ ___  __ _     / \   __ _  __ _(_)_ __
|  \| |/ _` / __|/ _` |   / _ \ / _` |/ _` | | '_ \
| |\  | (_| \__ \ (_| |  / ___ \ (_| | (_| | | | | |
|_| \_|\__,_|___/\__,_| /_/   \_\__, |\__,_|_|_| |_|
                                |___/
              #Full Disclosure... c0de.breaker
#Important
Ok. First of all, the reason I made this SQLi public ( even though I had no intention to make this ) , is because I found out that somebody else discovered the vulnerable parameter.I found this SQLi 3 months ago.
# Why do I test websites?
Because it is my hobby , and I want to prove that even the big websites, which should be highly secured, can be hacked. This is the reality , and it makes me sad.I feeling alright about what I’m doing, because if anyone finds a vulnerability before me , he/she could use it in harmful ways such as: shelling , rooting , backdooring , deleting etc
The WebSite Vulnerable: http://saif-1.larc.nasa.gov (CEOS Systems Analysis Database)
Testing:


Informations:
#Version: 5.1.31-community
#User: *******
#Main Database: *******
#Path of MySQL: C:\Documents and Settings\All Users\Application Data\MySQL\MySQL Server 5.1\Data\
Also, the magic_quotes_gpc=OFF, and “user” from mysql have all privileges:
Bad…
Other Databases:
#ceossadb
#information_schema
#mysql
#ceosvis
Tables from “ceosvis” database:
#instrument
#takes
#measurement
#contains
#mission
Tables from main Database:
#agency
#alt_names
#cat_measurements
#cat_missions
#cat_series
#cat_wavebands
#ceosdbversion
#constellations
#data_access_links
#db_update_phases
#ecv
#instr
#instr_agencies
#instr_desc
#instr_geometry
#instr_maturity
#instr_mission
#instr_res_swath_temp
#instr_sampling
#instr_status
#instr_status_biz
#instr_technology
#instr_technology_rawdata
#instr_type
#instr_waveband
#mappedor1
#measurement_confidence
#measurement_desc
#measurement_type
#measurementtypesconfidencepilot
#measurementtypespending
#method
#mission_agencies
#mission_status
#missions
#obs_requirments
#orbit_sense
#orbit_type
#requirements
#series
#series_agency
#series_missions
#societal_benefits
#sys_diagrams
#taxonomy
#typeatmosphere
#typereqapplication
#typerequirementsource
#typesmeasurementsconfidencepilot
#wmo_measurement
I made this public, because I saw the website down, and I think the administrators will fix the vulnerability once someone reports the problem. (sorry because i didn’t make this first, if was that)

Read More

TinKode-NASA vulnerable to MSSQL Injection

8:11 PM  Admin  No comments


NASA vulnerable to MSSQL Injection

Posted by isrtinkode on February 19, 2010
 _   _                   __  __  _____ _____  ____  _      _
| \ | |                 |  \/  |/ ____/ ____|/ __ \| |    (_)
|  \| | __ _ ___  __ _  | \  / | (___| (___ | |  | | |     _
| . ` |/ _` / __|/ _` | | |\/| |\___ \\___ \| |  | | |    | |
| |\  | (_| \__ \ (_| | | |  | |____) |___) | |__| | |____| |
|_| \_|\__,_|___/\__,_| |_|  |_|_____/_____/ \___\_\______|_|

   #Nasa vulnerable again (MSSQLi)@c0de.breaker
Hello, unfortunately I found another serious vulnerability in NASA, more precisely a MSSQL Injection .
I admit that, this time it was harder to make the injection.
It is the forth time this happens, but nothing can surprise me anymore. As always, I showed no interest in the content of the website.
I hope this is the last time I see these kinds of vulnerabilities.
Link: www.gltrs.grc.nasa.gov
Testing:


As you can see, this time I didn’t hide the vulnerable parameter, mainly because it can be easily found on google with filetype:aspx.
Main Informations:
#Version: Microsoft SQL Server
#Operating system: Windows
#Web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.7
#Main Database: RDP
#Current User: RDP_Ext_RA
Tables from main database “RDP”:
#Abstract
#Author
#AuthorTypeLookup
#RDPLibrary
#RDPTemp
#ReportTemplateLookup
#ReportTypeLookup
#RptTempDistLookup
#RDP
All databases (92):
#AdventureWorks
#AppSecAdmin
#COD
#CODAppsAdmin
#CODSecurity
#Cont_999
#ContractMgmt
#CopierMDSTool
#CostRecovery
#DivAppSec
#DivisionInfo
#DivSurveys
#dnn-ltid
#dnn-metrology
#Eform
#EventSentry
#EventSentry_ext
#EventSentry_int
#FoodServices
#FormsMgmt
#FurnitureInventory
#Grants
#GRCHistory
#InstPool
#ITC
#ITCImagenet
#ITSInfo
#ITSProjectMgmt
#Library
#LibraryPatronReq
#Logistics
#LTIDLookup
#LTOCSecurity
#LVSS
#master
#metafldr
#Metcal
#Moc1Archives
#model
#msdb
#MTS
#nasath
#Northwind
#NPTRegistration
#PDOInventory
#Phone
#Projects
#PTF-HST-GHC
#PTF-HST-PSL
#PTF-ITC-AWT
#PTF-ITC-C_Archive
#PTF-ITC-CM_Archive
#PTF-ITC-Constellation
#PTF-ITC-Facilities
#PTF-ITC-ITC2_Rotocraft
#PTF-ITC-ITC4_GAGroundIcing
#PTF-ITC-ITC6_MarketingProject
#PTF-ITC-ITC0_CEV_Model
#PTF-ITC-NPTAssets
#PTF-ITC-Ohio_VIP
#PTF-ITC-Orion
#PTF-ITC-PBRF_RFP
#PTF-ITC-Template
#Publishing
#pubs
#pwots
#RDP
#RecordsMgmt
#ReportServer
#ReportServerTempDB
#RetireeReg
#RollCall
#ServerAdmin
#ServReqMgmt
#Sharepoint
#SPS
#SupplyMgmt
#tempdb
#TIALSPurchasing
#TMP2_MTS
#VTWinNASA
#WorkMgmt
#WSS-BRehab
#WSS-custodialservices
#WSS-ITC-MTPV
#WSS-ITS
#WSS-LTID
#WSS-LTIDWebAdmin
#WSS-PubsMgmt
#WSS-TIALS
#WSS-TIALSExecRpts
#WSS-webredesign
As a last remark:
I hope my findings aren’t all for nothing, and that NASA will do a complete inspection on all their websites.

Read More