Two NASA sites recently were hacked by an individual wanting to demonstrate that the sites are susceptible to SQL injection.
The websites for NASA's Instrument Systems and Technology Division and Software Engineering Division were accessed by a researcher, who posted screen shots taken during the hack to his blog.
The researcher, using the alias "c0de.breaker," used SQL injection to hijack the sites, according to Gunter Ollmann, VP of research at security firm Damballa.
SQL injection is an attack process where a hacker adds additional SQL code commands to a page request and the web server, and then tries to execute those commands within the backend database, Ollman said. Vulnerable web applications process the extra SQL commands, which then cause the web application to leak additional information, such as user credentials, which can be used to log into the targeted application.
The NASA hack yielded the credentials of some 25 administrator accounts, Ollman said. The researcher also gained access to a web portal used for managing and editing those websites.
“The researcher had the ability to add and change any content or administrators for the website,” Ollmann said.
A NASA spokesperson did not respond to an SCMagazineUS.com request for comment, but a NASA security analyst who contacted Ollman said the issues have been addressed and the sites are no longer vulnerable.
Cybercriminals are constantly looking for sites that are susceptible to SQL injection, which is a recurring problem, as new content is developed and sites are updated, Ollman said.
“SQL injection is a common technique that's well understood and provides a bountiful target because you are literally going after databases, which is frequently where large stores of information exist,“ said Amit Yoran, chairman and CEO of networking security monitoring firm NetWitness.
In this particular case, the researcher found the vulnerabilities, made NASA aware of them, then published findings after the websites had been fixed, Ollman said. An attacker, however, could have tried to use that web server as an entry point into other systems NASA might control, or edit the content of the sites and use them for drive-by downloads.
See original article on scmagazineus.com
NASA sites hacked via SQL injection
25 administrator accounts compromised.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Microsoft Copilot Partner Hub
Partner Content
ElasticON Sydney 2025: Deriving value from your data with Search AI
.png&h=140&w=231&c=1&s=0)
Partner Content
AI and quantum computing widen the machine identity security gap
AI Copilot: Breaking Down Silos & Securing the Future
Sponsored Whitepapers
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
_page-0001.jpg&w=100&c=1&s=0)
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
