Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name "p0ison-r00t" deface a sub domain of NASA (http://spaceyourface.nasa.gov/).
The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using Faces. Hacker able to upload his text on the website, as shown in screenshot taken by 'The Hacker News'.
We contact hacker to know more about the hack, on asking How ? Hacker said,"I found a form on website, accepting file upload but without validating the extension, that allow me to upload a php shell on server".
Hacker also said that because of low privileges he was not able to modify any file, but was able to upload some text on the website, Check here. Mirror of hack also available on Zone-h.
Author Info
Wang Wei has been a security consultant for the government, financial securities, banks. Working as Researcher with The Hacker News. He is also a renowned speaker on the subject of 'Exploit Writing'. He is Malware analyst, Freelancer Penetration Tester, Cloud Computing, Mobile application & Software Developer. Follow him @ Twitter | Google | Email
