Search This Blog

Powered by Blogger.

Blog Archive

Labels

Two XSS Vulnerabilities found in NASA websites by Team INTRA


The well known Hacker group "Team INTRA" discovered two XSS Vulnerabilities in NASA websites.  The vulnerabilities found in sub domain of nasa.gov , LANCE - Land Atmosphere Near real-time Capability for EOS(lance.nasa.gov) and EOSDIS - Earth Data Website (earthdata.nasa.gov) .

Vulnerability Details:
Type: Reflected-XSS

Target: nasa.gov
Author: Team Intra
Vulnerable link:
  • http://lance.nasa.gov/?s=<script>alert("HaxOr///INTRA");</script>
  • http://earthdata.nasa.gov/search?term=<script>alert("HaxOr///INTRA");</script>&site[1]=1&form_id=search-earthdata

Hacker said this is tribute to TinKode. Tinkode is one of famous hacker who Vulnerabilities in Government sites including NASA websites and exposed it. Few days back, Romanian authorities arrested a suspect as Tinkode.
Share it:

INTRA

Vulnerability

Web Application Vulnerability

XSS Vulnerability