Pakistan Cyber Army Warns that PKNIC is Still Vulnerable

اسے اردو میں پڑھیے

A security flaw in PKNIC servers, that had caused the redirection of 284 .PK domains, including, to hackers’ server, still exists and is very much there — claims an email sent to ProPakistani by Pakistan Cyber Army.

PKNIC – the entity responsible for managing Pakistani TLDs, i.e. .PK, com.PK and others –had earlier admitted that it was hacked due to a security flaw but had claimed that its system was secured after an intense internal security audit.

Pakistan Cyber Army, a group of elite hackers from Pakistan, tells ProPakistani that it had also warned PKNIC before the hacking on November 9th, 2012 about the flaw. A screenshot of which is produced below:

PCA Email to PKNIC

(Click on image to enlarge)

PCA says that PKNIC never replied to its warning email and was eventually hacked on November 24th, 2012.

Pakistan Cyber Army has now again tested PKNIC servers and identified that its still vulnerable to SQL injection, even after PKNIC has claimed that its system is secure now.

PCA shared following screenshot with ProPakistani that explains SQL injection on PKNIC servers:


(Click on image to enlarge)

Pakistan Cyber Army said that vulnerabilities in PKNIC were worked out by following PCA members:

  • 1337
  • H4x0rL1f3
  • Invectus
  • ZombiE_KSA

A security expert, who wanted to remain unnamed, confirmed ProPakistani about the flaws in PKNIC system and said that PKNIC is vulnerable since 2006.

  • Amir, hope you remember the incident happened back in 2008 when I was able to transfer some prime domains in my account. Guess they have not learned their lesson yet. I would still encourage for a consortium of companies to have rights on PKNIC instead of a seth owned venture.

  • strange!

  • Nauman

    that make me now think, What kind of Audit Pknic have done.:P Political Audit..:P Paki Firms dont know a shit about Security. I have emailed many top organizations about Vulnerability in their Site, They never Reply. Thats their Attitude SuX..:/

  • Muhammad Tufail

    those so-called “security expert” should wake up and come to the real world where they have no info of what they claim to be.

  • Asad Shamsi

    According to cyberarmy . com .pk.. ProPakistani is also a vulnerable site..

  • moxet

    Aamir bhi your website is also listed! what’s the problem?
    PTCL | The Official Website Of Pakistan Telecommunication Company LimitedThe Official Website Of Supreme Court of PakistanPKNIC | Pakistan’s Official Domain RegistryPTA | Pakistan Telecommunication AuthorityThe Official Website Of President Of PakistanJoin Pakistan Army Official WebsiteTelenor Pakistan Offcial WebsiteWaridtel Official WebsiteNayatel Official WebsiteProPakistani | Famous Telecom and IT news blog of PakistanGEO TV Official Website

    • fksysko

      This is certainly not fair, making list of vulnerable paki websites as public. Anyone from anywhere in the world can now target these listed websites quite easily, even security students can have fun in their learning. I would strongly urge those concerned at Cyber Army to stop publicizing anymore. Show some patriotism damn it.

      • moxet

        Agree with you bro, right! they must hide this list from the hackers!

  • Mujahid Ishtiaq

    Wao .. On PCA website, they pretend to secure the Pakistan’s cyber space and also want a backlink to their website for the service. They should include it as a business statement in their website.

  • Mr X

    Hehehe just Hackers I have Hacked 12 Websites of India And Used It