A "friendly" hacker called c0de.breaker claims to have broken into two secure internal sites at NASA's Instrument Systems and Technology and Software Engineering divisions, and snapped screen shots to prove the protected sites were intruded.
"I didn't want to make something bad!" c0de.breaker wrote in a web posting. "Only to show NASA (has) many vulnerable subdomains to SQLI (SQL injection), XSS (cross-site scripting), etc." The hacker gained access through a combination of a SQL injection and poor access controls. The National Aeronautics and Space Administration has had major problems securing its websites for years.
(Source: Gov Info Security)
Gov Info Security