Two NASA sites recently were hacked by an individual wanting to demonstrate that the sites are susceptible to SQL injection. The websites for NASA's Instrument Systems and Technology Division and Software Engineering Division were accessed by a researcher, who posted to his blog screen shots taken during the hack.
The researcher, using the alias "c0de.breaker," used SQL injection to hijack the sites, Gunter Ollmann, VP of research at security firm Damballa, who recently wrote about the hack, told SCMagazineUS.com on Monday.

SQL injection is an attack process where a hacker adds additional SQL code commands to a page request and the web server then tries to execute those commands within the backend database, Ollmann said. Vulnerable web applications process the extra SQL commands, which then cause the web application to leak additional information, such as user credentials, which can be used to log into the targeted application.
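
The flaw described above, shown next to its fix, as an added example that is not from the original article or from the affected sites. The table, the function names and the request values are all constructed for illustration; the database is an in-memory SQLite instance.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory database standing in for the backend."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT, password_hash TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "admin", "hash-placeholder-1"),
            ("bob", "staff", "hash-placeholder-2"),
            ("carol", "staff", "hash-placeholder-3"),
        ],
    )
    return db


def lookup_vulnerable(db, username):
    """Pastes the request value into the SQL text, so the value can add SQL."""
    query = f"SELECT username, password_hash FROM users WHERE username = '{username}'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    """Binds the request value as data; it cannot change the statement."""
    query = "SELECT username, password_hash FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


# Constructed request values: one ordinary, one carrying extra SQL.
NORMAL = "bob"
INJECTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, fn in (
        ("vulnerable", lookup_vulnerable),
        ("parameterized", lookup_parameterized),
    ):
        print(f"{label:14} normal   -> {fn(db, NORMAL)}")
        print(f"{label:14} injected -> {fn(db, INJECTED)}")
```

With the concatenated query, the second request value returns every account's row; with the bound parameter, the same value is compared as a literal username and matches nothing.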

The link for this article located at SC Magazine is no longer available.