A security flaw in PKNIC servers, that had caused the redirection of 284 .PK domains, including google.com.pk, to hackers’ server, still exists and is very much there — claims an email sent to ProPakistani by Pakistan Cyber Army.
PKNIC – the entity responsible for managing Pakistani TLDs, i.e. .PK, com.PK and others –had earlier admitted that it was hacked due to a security flaw but had claimed that its system was secured after an intense internal security audit.
Pakistan Cyber Army, a group of elite hackers from Pakistan, tells ProPakistani that it had also warned PKNIC before the hacking on November 9th, 2012 about the flaw. A screenshot of which is produced below:
(Click on image to enlarge)
PCA says that PKNIC never replied to its warning email and was eventually hacked on November 24th, 2012.
Pakistan Cyber Army has now again tested PKNIC servers and identified that its still vulnerable to SQL injection, even after PKNIC has claimed that its system is secure now.
PCA shared following screenshot with ProPakistani that explains SQL injection on PKNIC servers:
(Click on image to enlarge)
Pakistan Cyber Army said that vulnerabilities in PKNIC were worked out by following PCA members:
A security expert, who wanted to remain unnamed, confirmed ProPakistani about the flaws in PKNIC system and said that PKNIC is vulnerable since 2006.
