lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: mcbethh at op.pl (mcbethh@...pl)
Subject: NASA.GOV SQL Injections

On Wed, 15 Oct 2003 01:45:02 +0200
"Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@...g-security.com> wrote:

> Hi all again,
> http://liftoff.msfc.nasa.gov/toc.asp?s=Tracking'
> admits sql characters injection but seems not easy to include
> successful queries
> security of nasa websites sucks ( sucks the web app security...)

Man... Who, other than nasa.gov itself, is affected by this bug ?!
Why are you posting it here? You even didn't contacted nasa.gov
admins... Hehehe.. It is obvious that my theory about you wanting fame
is correct. I remember similar post some time ago.. Some wise person
asked 'if you find server with wuftpd 2.4.2, do you send post to
full-disclosure that that host is vulnerable?'
Think dude.

mcbethh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ