Full Disclosure mailing list archives
Vulneraibilty Asesment report in NASA.GOV Websites [not finished , only news]
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Sun, 19 Oct 2003 21:36:27 +0200
Hi friends, Umm, i've seen that my message about some NASA.gov websites vulnerabilities became a little flame so, i'm finishing a report that includes in nice html format: -info about SQL injections -info about XSS -info about a denial of service that i found in a Cold Fusion script. -info about the incorrect access control to an administrative part of a website ( i could access to the administration area ) So, wait for news because i contacted NASA staff : ___ John R. Ray, Mgr. NASA Competency Center Information Technology Security ___ After the systems patching they will allow me to make public the report. Thanks to everybody in this list. Best regards to all and have nice time ! ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->/* not csh but sh */ 0x02->$ PATH=pretending!/usr/ucb/which sense 0x03-> no sense in pretending! __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** No Secure Root Group Security Research Team http://www.nsrg-security.com ______________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulneraibilty Asesment report in NASA.GOV Websites [not finished , only news] Lorenzo Hernandez Garcia-Hierro (Oct 19)