Full Disclosure mailing list archives
RE: NASA.GOV SQL Injections
From: "Russ Spooner" <rspooner () unipalm co uk>
Date: Fri, 17 Oct 2003 09:22:40 +0100
Don't you think that some people in NASA might also be reading this list?

Just because you can cause a SQL error it doesn't necessarily mean you have found a security flaw: it might not be possible to exploit it...

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of mcbethh () op pl
Sent: 15 October 2003 19:24
To: Lorenzo Hernandez Garcia-Hierro
Cc: full-disclosure
Subject: Re: [Full-disclosure] NASA.GOV SQL Injections

On Wed, 15 Oct 2003 01:45:02 +0200 "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com> wrote:

> Hi all again,
> http://liftoff.msfc.nasa.gov/toc.asp?s=Tracking'
> admits sql characters injection but seems not easy to include successful queries
> security of nasa websites sucks ( sucks the web app security...)

Man... Who, other than nasa.gov itself, is affected by this bug?! Why are you posting it here? You didn't even contact nasa.gov admins... Hehehe.. It is obvious that my theory about you wanting fame is correct. I remember a similar post some time ago.. Some wise person asked 'if you find a server with wuftpd 2.4.2, do you send a post to full-disclosure that that host is vulnerable?' Think, dude.

mcbethh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NASA.GOV SQL Injections Lorenzo Hernandez Garcia-Hierro (Oct 14)
- Re: NASA.GOV SQL Injections mcbethh (Oct 16)
- RE: NASA.GOV SQL Injections Russ Spooner (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Russ Spooner (Oct 17)
- <Possible follow-ups>
- RE: NASA.GOV SQL Injections Schmehl, Paul L (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections madsaxon (Oct 17)
- Re: NASA.GOV SQL Injections Gregory A. Gilliss (Oct 17)
- Re: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- Re: [SD:jason.full-disclosure] RE: NASA.GOV SQL Injections Jason Freidman (Oct 17)
- Re: NASA.GOV SQL Injections mcbethh (Oct 16)