Hello, World! 👋👋
I’m Akash Ghosh, a passionate cybersecurity researcher and an ethical hacker driven by curiosity and the quest to make the internet safer. Recently, during one of my research projects, I uncovered a startling vulnerability in one of the most trusted names in the world — NASA’s official website! 🚀
This journey into the depths of HTML Injection Vulnerability not only taught me valuable lessons but also revealed how even a seemingly minor oversight in web security could spiral into significant risks. Let me walk you through this fascinating discovery.
Here is the free version: “https://myselfakash20.medium.com/how-i-turned-nasas-search-bar-into-a-phishing-gateway-697de30859b0?sk=2ff8fd64ba79a170b1a23d7038b41607”
The Discovery: NASA’s Trusted Domain, A Door to the Unknown
As part of my research, I explored vulnerabilities in NASA’s website (https://www.nasa.gov). My attention was drawn to its search parameter, which was vulnerable to HTML Injection. Upon testing, I confirmed that it could be exploited for Open Redirection—a vulnerability that attackers could abuse to lead users to malicious websites, phishing pages, or malware-laden domains.
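The class of bug described above, a search term reflected into the page without encoding, is closed by entity-encoding the value before it reaches the HTML. The following is an added example, not code from the original post or from nasa.gov; the parameter name `search`, the host `site.example`, the function names and the sample input are all assumptions constructed for illustration.

```javascript
// Added example: a hypothetical search-results renderer, not code from nasa.gov.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Entity-encode every character that can open a tag, attribute or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the search term the way a server-side handler would.
// The parameter name "search" is an assumption.
function searchTermFromUrl(rawUrl) {
  return new URL(rawUrl).searchParams.get("search") ?? "";
}

// Vulnerable pattern: the decoded parameter is concatenated into the page.
function renderResultsUnsafe(term) {
  return `<h1>Results for ${term}</h1>`;
}

// Hardened pattern: bound the length, then encode before reflecting.
function renderResultsSafe(term) {
  return `<h1>Results for ${escapeHtml(String(term).slice(0, 200))}</h1>`;
}

// Regression check: list element names in the output that the template does not emit.
function unexpectedTags(html, allowed = ["h1"]) {
  const names = [...html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return [...new Set(names)].filter((name) => !allowed.includes(name));
}

// Constructed request URL carrying markup in the search parameter.
const SAMPLE_URL =
  "https://site.example/?search=" +
  encodeURIComponent('<a href="https://elsewhere.example/">Sign in</a>');

function demo() {
  const term = searchTermFromUrl(SAMPLE_URL);
  return {
    unsafe: unexpectedTags(renderResultsUnsafe(term)), // ["a"]
    safe: unexpectedTags(renderResultsSafe(term)),     // []
  };
}

console.log(demo());
```

A check like `unexpectedTags` fits in a unit test for every template that echoes request data, so a later change that drops the encoding fails the build.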