Pakistani Hackers Expose PKNIC Vulnerabilities


Pakistan's popular blog reported last day that a Pakistani Hackers’ group has exposed multiple, highly critical vulnerability at PKNIC – this is actually the entity that manages country level domains names (such as .com.pk, .pk, org.pk and others) for Pakistan.

Hackers group, named Khanisgr8, Net_Spy, Xpired, Sho0ter and N3t.Crack3r revealed as their members claims to be the watchmen of Pakistani Cyber Space, and they are walking through stealthy to let it make secure and invulnerable despite without any official support by Government.

They had revealed in an email that hundreds of .PK domains, including google.com.pk, msn.com.pk and other country level domains for top global brands were defaced on Saturday due to security flaws of PKNIC system. Which could harm official websites having large amount of valuable information and public data.

Hacker group, further exposed some important turnarounds which they had followed through, claimed that PKNIC servers are vulnerable to:
  • Boolean-based blind sql injection
  • Time-based blind sql injection
  • Cross site scripting
  • Sensitive directory disclosure
Hacker group also provided with complete parameters and proofs of vulnerability, which are authorized by experts as valid and the only reason that hundreds of .PK domains were taken down on Saturday. Experts deemed that this is not the first time PKNIC faced challenges it has been long ago making it vulnerable, these ignored security flaws can make tremendous harm in future if not scrutinized or ceased.
  
PKNIC should take these issues seriously for further details and they can also call on those anonymous hackers group to their special task force and properly test for uncertain back-hauls may come in future as recently in counter attack a country's cyber space been penetrated largely.

It maybe recalled that a hacker, named eBoz, had re-routed some 284 .PK domains from their legitimate servers to an hosting account allegedly owned by hacker himself, by penetrating and re-configuring the DNS and name servers of these domain names.

Check below the screenshot of hacked Google.com.pk – which is still in-tact for few users.


Lately no one claimed the responsibility for the incident, but a message appearing on defaced pages, including on Google.com.pk is displaying a message in Turkish language, hinting that the hacker could be Turkish in origin. But this could only be DNS re-configurations to exploit or warn on security flaws to PKNIC.


Previous Post Next Post