A group of hackers from Pakistan revealed vulnerabilities with PKNIC – which manages domains for Pakistan including .com, .pk and org.pk – which led to the defacement of websites including Google’s Pakistan page earlier.
The group claims to be the “watchdog” of the Pakistani cyberspace and reportedly monitors websites to make sure they keep functioning smoothly.
Members of the group, Khanisgr8, Net_Spy, Xpired, Sho0ter and N3t.Crack3r, in an email sent to ProPakistani revealed that hundreds of .pk domains, including google.com.pk, msn.com.pk and other domains for top global brands were defaced on Saturday due to security flaws with the PKNIC system.
Photo: Screenshot on ProPakistani
The group pointed out that the defacement took place because the PKNIC servers were vulnerable to Boolean-based blind SQL injection, time-based blind SQL injection, cross-site scripting and sensitive directory disclosure.
The members provided ProPakistani with complete parameters and proofs of vulnerability, which according to experts, were valid. The security experts told ProPakistani that PKNIC has been vulnerable for a long time.
Earlier, a hacker named eBoz, had re-routed around 284 .pk domains from their servers to a hosting account allegedly owned by himself, by penetrating and re-configuring the DNS and name servers of these domain names.