-----------------------------------------------------------------------------------------
| Exploit Title : NASA Blind SQL Injection
| Google Dork : site:nasa.gov inurl:.view.php?id=
| Date : 15/09/2017
| Exploit Author : nasa.gov
| Vendor Homepage : nasa.gov
| Software Link : nasa.gov
| Version : 1.0
| Tested on : Windows 10, Firefox
|
|+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
| Proof of concept : NASA Blind SQL Injection
|
| 1 - Search this Google Dork : site:nasa.gov inurl:.view.php?id=
| 2 - Find the ( earthobservatory ) subdomain of NASA
| 3 - True site : ( https://earthobservatory.nasa.gov )
| 4 - Now we have a website with low security ! :)
| 5 - This site is using PHP ( version 5 ) without security measures !
| 6 - Step 1 : Test for the SQL injection vulnerability by adding ( " or ' ) to the end of the numeric value in the URL, like : [ view.php?id=4215' ]
| 7 - Step 2 : You may receive unknown errors, like : 404 , Forbidden , "You do not have permission to view" , ...
| 8 - Step 3 : Now you are forced to ( bypass ) these errors to continue pentesting
| 9 - Step 4 : Then you may need to bypass ( Order , group , ... ) & Null to see true data ...
| 10 - The end. Complete your injection & enjoy hacking ...!
|
|
| DEMO :
|
| https://earthobservatory.nasa.gov/IOTD//view.php?id=4215' [Blind SQL Injection VULNERABILITY]
|
|
|
|
| +++ Discovered by : Mohammad Babaee | Don't forget me ...! | I will come back soon :)
|
|
-----------------------------------------------------------------------------------------
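
Defensive counterpart to step 1 above, as an added example that is not part of the original advisory or of the site's code: a PHP handler for a numeric id parameter that rejects a quote-suffixed value before any query runs and binds valid ids through a PDO prepared statement. The images table, its columns, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Table/column names and the SQLite backend are hypothetical.

function parseId($raw): ?int
{
    // Accept only 1-9 decimal digits; quotes, spaces, operators and
    // array-valued parameters (id[]=...) are all rejected the same way.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

function fetchImage(PDO $db, int $id): ?array
{
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, title FROM images WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function handle(PDO $db, $rawId): array
{
    $id = parseId($rawId);
    if ($id === null) {
        // One generic response for every malformed id: no database error
        // text or differing status code for the client to compare.
        return [400, 'Bad request'];
    }
    $row = fetchImage($db, $id);
    return $row === null ? [404, 'Not found'] : [200, $row['title']];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO images VALUES (4215, 'Sample image')");

// Constructed inputs: a valid id, the two quote-suffixed forms from step 1,
// an unknown id, and an array-valued parameter.
foreach (['4215', "4215'", '4215"', '9999', ['4215']] as $raw) {
    [$status, $body] = handle($db, $raw);
    printf("%-10s -> %d %s\n", json_encode($raw), $status, $body);
}
```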