Full Disclosure mailing list archives
Re: NASA.GOV SQL Injections
From: mcbethh () op pl
Date: Wed, 15 Oct 2003 20:24:04 +0200
On Wed, 15 Oct 2003 01:45:02 +0200 "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com> wrote:
Hi all again, http://liftoff.msfc.nasa.gov/toc.asp?s=Tracking' admits sql characters injection but seems not easy to include successful queries security of nasa websites sucks ( sucks the web app security...)
Man... Who, other than nasa.gov itself, is affected by this bug ?! Why are you posting it here? You even didn't contacted nasa.gov admins... Hehehe.. It is obvious that my theory about you wanting fame is correct. I remember similar post some time ago.. Some wise person asked 'if you find server with wuftpd 2.4.2, do you send post to full-disclosure that that host is vulnerable?' Think dude. mcbethh _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NASA.GOV SQL Injections Lorenzo Hernandez Garcia-Hierro (Oct 14)
- Re: NASA.GOV SQL Injections mcbethh (Oct 16)
- RE: NASA.GOV SQL Injections Russ Spooner (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Russ Spooner (Oct 17)
- <Possible follow-ups>
- RE: NASA.GOV SQL Injections Schmehl, Paul L (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections madsaxon (Oct 17)
- Re: NASA.GOV SQL Injections Gregory A. Gilliss (Oct 17)
- Re: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- Re: NASA.GOV SQL Injections mcbethh (Oct 16)