It's no wonder hackers target their sites so often

Feb 7, 2012 09:28 GMT

Ucha Gobejishvili, the Vulnerability Lab researcher also known as Longrifle0x, identified a number of space agency websites that contain cross-site scripting (XSS) vulnerabilities and publicly disclosed the information.

He discovered multiple flaws on subdomains owned by the National Aeronautics and Space Administration (NASA) and the European Space Agency (ESA), including lance.nasa.gov, gaia.esa.int, earth.eo.esa.int, xmm.vilspa.esa.es and earthdata.nasa.gov. By now, after all the hacking attempts that have targeted the space agencies, it shouldn’t surprise anyone that these security holes exist. More worrying is that the agencies take a really long time to patch them.

So far, none of the vulnerabilities have been fixed.

Members of TeamHav0k found a vulnerability in a NASA website sometime last week, and at the time we notified the organization, sending them an email along with a proof of concept. Even so, the weakness still exists today.