Pakistan Cyber Army Warns that PKNIC is Still Vulnerable

اسے اردو میں پڑھیے

A security flaw in PKNIC servers, that had caused the redirection of 284 .PK domains, including google.com.pk, to hackers’ server, still exists and is very much there — claims an email sent to ProPakistani by Pakistan Cyber Army.

PKNIC – the entity responsible for managing Pakistani TLDs, i.e. .PK, com.PK and others –had earlier admitted that it was hacked due to a security flaw but had claimed that its system was secured after an intense internal security audit.

Pakistan Cyber Army, a group of elite hackers from Pakistan, tells ProPakistani that it had also warned PKNIC before the hacking on November 9th, 2012 about the flaw. A screenshot of which is produced below:

PCA Email to PKNIC

(Click on image to enlarge)

PCA says that PKNIC never replied to its warning email and was eventually hacked on November 24th, 2012.

Pakistan Cyber Army has now again tested PKNIC servers and identified that its still vulnerable to SQL injection, even after PKNIC has claimed that its system is secure now.

PCA shared following screenshot with ProPakistani that explains SQL injection on PKNIC servers:

sqli

(Click on image to enlarge)

Pakistan Cyber Army said that vulnerabilities in PKNIC were worked out by following PCA members:

  • 1337
  • H4x0rL1f3
  • Invectus
  • ZombiE_KSA

A security expert, who wanted to remain unnamed, confirmed ProPakistani about the flaws in PKNIC system and said that PKNIC is vulnerable since 2006.


  • that make me now think, What kind of Audit Pknic have done.:P Political Audit..:P Paki Firms dont know a shit about Security. I have emailed many top organizations about Vulnerability in their Site, They never Reply. Thats their Attitude SuX..:/

  • those so-called “security expert” should wake up and come to the real world where they have no info of what they claim to be.

  • Aamir bhi your website is also listed! what’s the problem?
    PTCL | The Official Website Of Pakistan Telecommunication Company LimitedThe Official Website Of Supreme Court of PakistanPKNIC | Pakistan’s Official Domain RegistryPTA | Pakistan Telecommunication AuthorityThe Official Website Of President Of PakistanJoin Pakistan Army Official WebsiteTelenor Pakistan Offcial WebsiteWaridtel Official WebsiteNayatel Official WebsiteProPakistani | Famous Telecom and IT news blog of PakistanGEO TV Official Website

    • This is certainly not fair, making list of vulnerable paki websites as public. Anyone from anywhere in the world can now target these listed websites quite easily, even security students can have fun in their learning. I would strongly urge those concerned at Cyber Army to stop publicizing anymore. Show some patriotism damn it.

  • Wao .. On PCA website, they pretend to secure the Pakistan’s cyber space and also want a backlink to their website for the service. They should include it as a business statement in their website.


  • Get Alerts

    Follow ProPakistani to get latest news and updates.


    ProPakistani Community

    Join the groups below to get latest news and updates.



    >