
NASA: SQL injection by Greek researchers

08/09/2017 10:34 by Dimitris

Two Greek researchers located a vulnerability on a NASA website (a subdomain) that allowed them to perform SQL injection and gain access to the organization's database.

According to the Greek researchers, the US space agency was promptly alerted to the security gap, but to date it has not made any correction.

Researchers Dimitris Chatzidimitris and Anastasis Vasileiadhs report to Secnews.gr via email:

“On August 29, we discovered a vulnerability while navigating a NASA page (https://www.jpl.nasα.gov/) which relates to various promotion systems….

The vulnerability is of the SQL injection type and the link to this weakness is:

Secnews.gr note: we do not list the link, for obvious reasons, but we do list some of the details we received by email:

Parameter: catId (GET)
Type: boolean-based blind
Database version: 5.1.61-community-lo

"This particular vulnerability gave us access to the databases of that site"

Researchers report:

"After that we did not proceed to any possible access to the server beyond the databases, as we had already confirmed that the page was not secure.

Immediately on August 27 we contacted them through the contact form on their page and briefed them in detail so that they could correct their security.

As of today, 8 September, we have not received any answer on this.

Security researchers:

Dimitris Chatzidimitris
Anastasis Vasileiadhs”

We include a screenshot of the database tables. Note that the tables also contain the user data of the web page (usernames and passwords).

See the image below (wp-users, contacts, Member, authors)

[Image: screenshot of the database tables]

_____________________________________

The information remains available to interested parties, both from the researchers themselves and from Secnews.gr.

Reporting vulnerabilities found in organizations is considered absolutely essential (especially for high-traffic websites), and for us at Secnews.gr it is a direct priority.

We hope that in this way, that is, by immediately exposing any vulnerability rather than covering it up, we are contributing to a safer Internet.

Of course, we have met many companies and organizations, both locally and globally, that instead of working together to resolve a vulnerability resort to legal means to prosecute the researchers, carefully sweeping the security gap under the rug to avoid negative impressions.

NASA: SQL injection by Greek researchers was last modified: 8 September, 2017, 10:38 am by Dimitris
