Recently, we reported that the hackers defaced Top level Domains of Turkmenistan including Google, Gmail, youtube, by exploiting the vulnerability in NIC.tm. Today they have discovered vulnerability in another NIC website.
The hackers found a critical SQL injection vulnerability in Sri Lankan NIC website(nic.lk) that allows hackers to hijack top level Sri Lankan domains .
NIC websites are considered to be most important part of every country on the internet . A network information center (NIC), is the part of the Domain Name System (DNS) of the Internet that keeps the database of domain names, and generates the zone files which convert domain names to IP addresses.
Each NIC is an organization that manages the registration of Domain names within the top-level domains for which it is responsible, controls the policies of domain name allocation, and technically operates its top-level domain.
"any unauthorized access can make a disaster to compromised country ." The hackers said " for example changing all governments website’s DNS to hacker DNS and grab all high-level man of country credentials."
Hackers compromised data from the database and dumped data. They claimed that they reported to nic but there is no response from security team.
The hackers found a critical SQL injection vulnerability in Sri Lankan NIC website(nic.lk) that allows hackers to hijack top level Sri Lankan domains .
NIC websites are considered to be most important part of every country on the internet . A network information center (NIC), is the part of the Domain Name System (DNS) of the Internet that keeps the database of domain names, and generates the zone files which convert domain names to IP addresses.
Each NIC is an organization that manages the registration of Domain names within the top-level domains for which it is responsible, controls the policies of domain name allocation, and technically operates its top-level domain.
"any unauthorized access can make a disaster to compromised country ." The hackers said " for example changing all governments website’s DNS to hacker DNS and grab all high-level man of country credentials."
Hackers compromised data from the database and dumped data. They claimed that they reported to nic but there is no response from security team.
 hacked via SQL injection vulnerability ){kind=link}