Many a time while browsing websites we have come across severe vulnerabilities in them. Be it Facebook or any other website, we have reported our findings to make sure the site is made safe from the reported vulnerabilities. XSS and SQL injection are the two most common flaws we see even in a random web application audit. The two bugs top the chart of the OWASP Top 10, with injection in first place and cross-site scripting (XSS) in second. This time we have found XSS on commonly used websites of the world's leading space agency, NASA. The flaws have been reported to NASA, as well as publicly through the technology news site Softpedia.
The first website with an XSS flaw is the PDS, the Planetary Data System. A malicious user can easily inject an iframe and exploit the flaw to carry out attacks such as phishing. These flaws can be spotted manually, and they are like Christmas bells for the cyber crooks around!
The second website belongs to the Goddard Space Flight Center, where the XSS flaw seems to be of medium severity. But once mixed with social engineering, everything is possible! :) Here an attacker can inject HTML code and forms to carry out attacks. In these types of flaws, social engineering plays a vital role.
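Both flaws above come down to the same root cause: a request parameter reflected into the page without output encoding, so that an injected iframe or form becomes live markup. The following Python snippet is an added illustration written for this post; it is not code from NASA or from the audited sites. It places the unsafe reflection pattern beside the hardened one and runs a crude check over constructed sample inputs to show that, once the value is HTML-escaped, the injected iframe and form tags no longer reach the browser as markup. The renderer functions, the sample inputs and the tag check are all assumptions made for the example.

```python
import html
import re

# Constructed sample request parameters, of the kind an attacker-controlled
# query string might carry. These are made up for the example.
SAMPLE_INPUTS = {
    "benign": "Mars Reconnaissance Orbiter",
    "iframe": '<iframe src="https://example.invalid/login"></iframe>',
    "form": '<form action="https://example.invalid/collect"><input name="pw"></form>',
}


def render_vulnerable(query: str) -> str:
    # Reflects the parameter into the page unchanged. This is the pattern
    # behind a reflected XSS and is kept here only for comparison.
    return f"<p>Results for: {query}</p>"


def render_hardened(query: str) -> str:
    # Output encoding for an HTML text context: html.escape turns <, >, &,
    # " and ' into entities, so the browser shows the value as text rather
    # than parsing it as markup.
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


# Tags the page template never emits on its own; seeing one in the rendered
# output means user input was interpreted as markup.
TAG_RE = re.compile(r"<\s*/?\s*(iframe|form|script|input)\b", re.IGNORECASE)


def contains_injected_markup(rendered: str) -> bool:
    # Deliberately crude check, sufficient to contrast the two renderers.
    return TAG_RE.search(rendered) is not None


def audit(renderer) -> dict:
    # Maps each sample input name to whether injected markup survived rendering.
    return {name: contains_injected_markup(renderer(value))
            for name, value in SAMPLE_INPUTS.items()}


if __name__ == "__main__":
    print("vulnerable:", audit(render_vulnerable))
    print("hardened:  ", audit(render_hardened))
```

The escaping shown is correct for an HTML body text context only; a value placed inside an attribute, a script block or a URL needs the encoding appropriate to that context, and the pattern-matching check is a demonstration aid, not a substitute for a proper review of every reflection point.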
We hope these flaws get patched soon. Coming across such bugs while casually browsing websites is becoming a bit common these days. A complete security assurance should be done before making such prestigious websites live. Make sure your web application can face the security challenges present today. Contact us today for our Web Application Penetration Testing Service.