[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] NASA.GOV SQL Injections

To: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@nsrg-security.com>
Subject: Re: [Full-Disclosure] NASA.GOV SQL Injections
From: mcbethh@op.pl
Date: Wed, 15 Oct 2003 20:24:04 +0200

On Wed, 15 Oct 2003 01:45:02 +0200
"Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@nsrg-security.com> wrote:

> Hi all again,
> http://liftoff.msfc.nasa.gov/toc.asp?s=Tracking'
> admits sql characters injection but seems not easy to include
> successful queries
> security of nasa websites sucks ( sucks the web app security...)

Man... Who, other than nasa.gov itself, is affected by this bug ?!
Why are you posting it here? You even didn't contacted nasa.gov
admins... Hehehe.. It is obvious that my theory about you wanting fame
is correct. I remember similar post some time ago.. Some wise person
asked 'if you find server with wuftpd 2.4.2, do you send post to
full-disclosure that that host is vulnerable?'
Think dude.

mcbethh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] NASA.GOV SQL Injections
  - From: "Russ Spooner" <rspooner@unipalm.co.uk>

References:
- [Full-Disclosure] NASA.GOV SQL Injections
  - From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@nsrg-security.com>

Prev by Date: Re: [Full-Disclosure] New Microsoft security bulletins today
Next by Date: [Full-Disclosure] Foundstone Labs to Present Information on New Microsoft Vulnerabilities
Previous by thread: [Full-Disclosure] NASA.GOV SQL Injections
Next by thread: RE: [Full-Disclosure] NASA.GOV SQL Injections
Index(es):
- Date
- Thread