Monday, September 13, 2010

5 Nasa subdomains vulnerable to XSS

Proof of concep:

http://pds.nasa.gov/tools/ddlookup/data_dictionary_lookup.cfm?type=element&letter=XSS

http://software.gsfc.nasa.gov/FindQuick.cfm?paSort=Product_Type&ProducType=All&search=XSS

http://fora.gsfc.nasa.gov/FFF/admin/viewsignin.html?op=edit&pageid=XSS

http://heasarc.gsfc.nasa.gov/vo/validation/vresults.pl?show=XSS

http://ethics-www.jpl.nasa.gov/missions/index.cfm?type=XSS

No comments: