A hacker called “LegitHacker97” leaked an 82 MB file representing an entire website owned by the US National Aeronautics and Space Administration (NASA). More precisely, the target appears to be the NSC Knowledge Now site (nsckn.nasa.gov), which can only be accessed by authorized users.
The hacker told The Hacker News that he leveraged a Local File Include vulnerability to upload his own shell. This allowed him to download the entire website.
He claims that the security hole has been addressed after he breached the site.
The Hacker News’ Mohit Kumar analyzed the leaked data and he claims that it legitimately appears to originate from nsckn.nasa.gov.
He believes that the hacker might have social engineered NASA employees because users can only gain access to the site after obtaining clearance from a NASA officer.