Published on October 10th, 2019

Cross-site Scripting (XSS) vulnerability in a NASA Sub-domain: XSS through User-Agent Request Header




How's it going, guys? I am Binit Ghimire. Today, in this video, I am showing you how I was able to discover a Cross-site Scripting (XSS) vulnerability in a NASA sub-domain (https://nodis3.gsfc.nasa.gov/).

This video is about Cross-site Scripting (XSS) Vulnerability in a NASA Sub-domain through User-Agent Request Header.

Vulnerable URLs:
https://nodis3.gsfc.nasa.gov/search_ft.cfm [It is demonstrated in this video.]
https://nodis3.gsfc.nasa.gov/suggestions_action.cfm [It can be reproduced in the exact same way.]

My Videos on NASA Cross-site Scripting:
1. NASA XSS through User-Agent: https://youtu.be/O-KtSUUqnzM
2. NASA XSS through Form Fields: https://youtu.be/bxjDWLI1js4
3. NASA XSS through HTTP Referer: https://youtu.be/qTyunvx6B7I

Discussing My Last Video from September 2018:
Last time, on September 1, 2018, I uploaded a video on "Hacking into the NASA Website - Live Demonstration", in which I just entered my deface script in the browser console and pressed enter, and showed it as the defacement of the NASA website. That's not even a vulnerability, and it is just about executing JavaScript in the attacker's browser only through the web browser console. But this time, this video is about the demonstration of an actual Cross-site Scripting (XSS) vulnerability in a NASA sub-domain.





I have explained the reproduction of the vulnerability in this video, but at the beginning of the video, I have talked about my last video from September 1, 2018. So, if you don't want to watch that and want to jump directly to the actual part of this video, then you can skip to 01:09 and watch the video till the end.

If you are interested in watching my video from September 1, 2018, then you can watch it here: https://youtu.be/q-cQvu591V4
But I assure you that you won't find anything that offers knowledge regarding web application security in that video, as that video was uploaded for entertainment purposes only.

I hope you like this video about the Cross-site Scripting (XSS) Vulnerability in a NASA Sub-domain.
If you liked the video, please make sure to give a thumbs up, leave a comment, and if you haven't subscribed to my channel yet, I hope you will hit the SUBSCRIBE button as well.
If you think this video should reach a larger audience, you are free to share this video anywhere you want.

Thank you for your time watching the video!


2019-10-10 18:20:14
