Hello and Welcome! I’m Manan Sanghvi.
This write-up is about how I discovered a P3 vulnerability in NASA (National Aeronautics and Space Administration). The finding was simple and straightforward, without requiring advanced logical exploitation or abuse of access control mechanisms.
Initial Recon:
If you look at NASA's scope on Bugcrowd, it is huge: thousands of subdomains are in scope for testing. So I thought it should be possible to find assets that no other hacker had ever tested.
Instead of using popular tools like Subfinder or Amass, which almost everyone uses, I decided to focus on search engine-based reconnaissance, because search engines and dorking can uncover hidden and sensitive IP addresses.
So, I started with different operators like
- ssl:
- hostname:
- http.favicon.hash:
With this I was able to find one subdomain that was very interesting because of its old UI. I started manually visiting each page of the website.
Let's suppose the subdomain and the endpoint were: https://xxx.nasa.gov/xxx_register/
That gave me a registration page with many fields: first name, last name, email, username, email, password, etc.

Whenever I find multiple parameters or any kind of submit/registration form, I run dalfox: it automatically finds the parameters on the page, tests them, and also does parameter mining.
So, I just ran the command
dalfox url https://xxx.nasa.gov/xxx_register/
And boom! I found XSS in the username parameter.
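The bug class behind this finding, shown from the defender's side as an added example (this is not code from the original write-up; the real NASA page's server code is unknown, so a minimal Node.js form renderer is assumed): a registration form that echoes the submitted username back into the HTML unescaped, beside the same renderer with HTML-attribute escaping, plus a small check that flags an injected tag.

```javascript
// Added example, not the original page's code. Assumes a minimal handler that
// re-renders the registration form with the submitted values (e.g. after a
// validation error); the actual server stack behind xxx_register is unknown.

// Escape the five characters that matter in an HTML text/attribute context.
// '&' goes first so already-escaped output is not double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the submitted username is concatenated straight into markup.
// A value starting with "> closes the attribute and the rest becomes a tag.
function renderRegisterVulnerable(params) {
  return (
    '<form method="POST" action="/xxx_register/">' +
    '<input name="username" value="' + params.username + '">' +
    '<input name="email" value="' + params.email + '">' +
    "</form>"
  );
}

// Hardened: every user-controlled value is escaped for the attribute context
// it lands in, so the browser treats it as text, never as markup.
function renderRegisterSafe(params) {
  return (
    '<form method="POST" action="/xxx_register/">' +
    '<input name="username" value="' + escapeHtml(params.username) + '">' +
    '<input name="email" value="' + escapeHtml(params.email) + '">' +
    "</form>"
  );
}

// Detection helper: does the rendered page contain a tag the template itself
// did not write? Shows the difference between the two renderers.
const EXPECTED_TAGS = ["form", "input", "/form"];
function containsUnexpectedTag(html) {
  const tags = [...html.matchAll(/<\s*(\/?[a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.some((t) => !EXPECTED_TAGS.includes(t));
}

// Constructed probe input, the same shape a scanner such as dalfox submits.
const probe = { username: '"><script>probe()</script>', email: "user@example.com" };
```

Running `containsUnexpectedTag` over both renderings with `probe` returns true for the vulnerable one and false for the hardened one; the same check works as a quick regression test for any template that reflects form input.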

As I mentioned earlier, this was a straightforward finding once I got past the hardest part — initial recon. The key was to find those hidden domains that hadn’t been touched by any hacker yet.
Before ending, I want to give you 3 tips:
- If you are hacking on NASA or thinking about it, I suggest you go for deep recon, because NASA has lots of assets that have never been touched by anyone.
- If you find multiple parameters on a page, never forget to run dalfox on it; it will extract all params and test them for XSS.
- If you find an old UI, spend time on it, because these are often developer portals where security and CSS are secondary priorities. This increases the likelihood of vulnerabilities.
And yes! Every hacker's dream: I got an LOR (Letter of Recognition):

Connect with me:
https://www.linkedin.com/in/manan-sanghvi-799863176/
https://www.instagram.com/_manan_sanghvi/
https://twitter.com/An____Anonymous
Hope you enjoyed reading this write-up! If you have any suggestions, feedback, or just want to share your thoughts, feel free to drop a comment. I’d love to hear from you and improve based on your suggestions.
Happy hacking! 😊