Hi friends, Umm, i've seen that my message about some NASA.gov websites vulnerabilities became a little flame so, i'm finishing a report that includes in nice html format: -info about SQL injections -info about XSS -info about a denial of service that i found in a Cold Fusion script. -info about the incorrect access control to an administrative part of a website ( i could access to the administration area ) So, wait for news because i contacted NASA staff : ___ John R. Ray, Mgr. NASA Competency Center Information Technology Security ___ After the systems patching they will allow me to make public the report. Thanks to everybody in this list. Best regards to all and have nice time ! ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->/* not csh but sh */ 0x02->$ PATH=pretending!/usr/ucb/which sense 0x03-> no sense in pretending! __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** No Secure Root Group Security Research Team http://www.nsrg-security.com ______________________
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
