Full Disclosure mailing list archives

Re: NASA.GOV SQL Injections


From: mcbethh () op pl
Date: Wed, 15 Oct 2003 20:24:04 +0200

On Wed, 15 Oct 2003 01:45:02 +0200
"Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com> wrote:

> Hi all again,
> http://liftoff.msfc.nasa.gov/toc.asp?s=Tracking'
> admits SQL character injection, but it does not seem easy to include
> successful queries.
> Security of NASA websites sucks (sucks the web app security...)

Man... Who, other than nasa.gov itself, is affected by this bug?!
Why are you posting it here? You didn't even contact the nasa.gov
admins... Hehehe.. It is obvious that my theory about you wanting fame
is correct. I remember a similar post some time ago.. Some wise person
asked 'if you find a server with wuftpd 2.4.2, do you send a post to
full-disclosure that that host is vulnerable?'
Think, dude.

mcbethh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
