I was on http://winds.jpl.nasa.gov/imagesAnim/quikscat.cfm when I found this:
OMG! NASA? Yep... Even when you assume security is a must @ sites like NASA, there are (some) insecurities! As you can see, Image was not sanitized (as it should have been! :)
I did some more tests on another NASA site (http://sbir.gsfc.nasa.gov):
We can list some directories:
And we can see another XSS vulnerability:
OK, there is no more fun with NASA.
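The two NASA pages above reflect a request parameter (Image) into HTML without sanitizing it. As an added example, not code from the post or from NASA, here is the defensive pattern that would have prevented it, in Python with a constructed probe value: allow-list the parameter before it is used, and HTML-escape anything that is echoed back.

```python
import html
import re

# Constructed probe string used only to show the difference between the two renderers.
PROBE = '"><script>probe</script>'

# Only plain file names with an image extension are acceptable values for "Image".
ALLOWED_IMAGE = re.compile(r"^[A-Za-z0-9_-]+\.(?:png|jpg|gif)$")


def render_image_tag_unsafe(image):
    """The pattern the post describes: the parameter is dropped straight into HTML."""
    return f'<img src="/images/{image}">'


def render_image_tag(image):
    """Hardened version: reject anything that is not a plain image file name."""
    if not ALLOWED_IMAGE.fullmatch(image):
        raise ValueError("rejected Image parameter")
    # Even an allow-listed value is escaped on output so the two controls are independent.
    return f'<img src="/images/{html.escape(image, quote=True)}">'


def error_page(bad_value):
    """Echoing a rejected value back to the user is only safe once it is escaped."""
    return f"<p>Unknown image: {html.escape(bad_value, quote=True)}</p>"


def handle_request(image):
    """Dispatch as a web handler would: valid names render, everything else gets the escaped error page."""
    try:
        return render_image_tag(image)
    except ValueError:
        return error_page(image)
```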
Why am I posting this? I'm sure people at NASA already know it... Now I will google a bit b4 posting. Yep! I've found http://hackingethics.wordpress.com/2010/02/15/xss-in-nasa-and-sql-injection-in-pentagon/ (and other links)
Well, it seems I can post this... Someone wants to look for vulnerabilities at the Pentagon? Spare time? Where are you when I need you?