Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name "p0ison-r00t" deface a sub domain of NASA (http://spaceyourface.nasa.gov/).

The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using Faces. Hacker able to upload his text on the website, as shown in screenshot taken by 'The Hacker News'.
We contact hacker to know more about the hack, on asking How ? Hacker said,"I found a form on website, accepting file upload but without validating the extension, that allow me to upload a php shell on server".

Hacker also said that because of low privileges he was not able to modify any file, but was able to upload some text on the website, Check here. Mirror of hack also available on Zone-h.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.