Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name "p0ison-r00t" deface a sub domain of NASA (https://spaceyourface.nasa.gov/).

The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using Faces. Hacker able to upload his text on the website, as shown in screenshot taken by 'The Hacker News'.
We contact hacker to know more about the hack, on asking How ? Hacker said,"I found a form on website, accepting file upload but without validating the extension, that allow me to upload a php shell on server".

Hacker also said that because of low privileges he was not able to modify any file, but was able to upload some text on the website, Check here. Mirror of hack also available on Zone-h.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.