NASA: SQL injection by Greek researchers

Two Greek researchers managed to find a security loophole on a NASA website (subdomain), which allowed them to do and access the organization's database.

According to Greek researchers, the US space agency was promptly alerted to the security gap, but to date it has not made any correction.

Researchers Dimitris Chatzidimitris and Anastasis Vasileiadhs report in .gr via email:NASA

“On August 29, we discovered a vulnerability while navigating a Nasa page (https://www.jpl.nasα.gov/which relates to various promotion systems….

Vulnerability is a type SQL injection and the link to this weakness is:

Note We do not list the link for obvious reasons but we list some of the items we received by email:

Parameter: catId (GET)
Type: boolean- blind
Database : 5.1.61-community-lo

“This specific vulnerability gave us access to data of the specific website"

Researchers report:

"After that we did not proceed to any possible access to the server beyond the bases as we had already confirmed that the page was not secure.

Immediately on August 27 we contacted the contact form on their page and we briefed them in detail to correct their security.

Until today 8 September we did not get any answer on this.

Security researchers:

Dimitris Chatzidimitris
Anastasis Vasileiadhs ”

We quote a screenshoot from the database tables. We notice that the tables also contain the user data of the web page (usernames and passwords).

See it below (wp-users, contacts, Member, authors)


The information remains available to interested parties, both by the researchers themselves and by

Η for vulnerabilities discovered in organizations, it is considered highly necessary (especially when they exist on high-traffic websites), and for us at they are an immediate priority.

We hope that in this way, i.e. the direct exposure of each vulnerability and not with its "hood", we contribute to a more Internet.

Of course we have met many and organizations, locally as well as globally, that instead of working together to solve a vulnerability, initiate legal means to prosecute researchers, covering the security gap very carefully with the rug, trying to avoid negative impressions. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).