How I ethically hacked NASA via Google Dorking.

Prince Roy(RoyzSec)
2 min readAug 27, 2023

--

Har Har Mahadev🔱. This is Prince Roy, a cyber security researcher. Recently, I have discovered an information disclosure vulnerability in one of the NASA domains by just Google hacking or dorking.

What? What are you saying?

I am serious, guys. Google dorking is a great way to find information disclosure. Now, I am going to tell you how I found it.

I used that dork for a search:

site:.*.*.nasa.gov  "Server Status" | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private

This simple search gave me some juicy information.

Got this!!

When I opened it, I found the web server status along with secret information. After that, I reported it.

And guess what? After 4 days, my report got accepted.

wasn’t it great guys?

And listed on their HOF and Appreciation Letter:

And Finally, thanks in advance for reading my small finding blogs. I hope you enjoyed it.

Please follow my social media platforms for my next blog:

Linkedin: https://www.linkedin.com/in/prince-roy-4b9a75187/

Github: https://github.com/royzsec

Twitter: https://twitter.com/royzsec

--

--