Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label how google Pakistan hacked. Show all posts
Security News
Breaking News how google Pakistan hacked IT Security News Pakistani Google Hacked PKNIC hacked Security News

New SQL Injection prevention system left open a vulnerability, says PKNIC

 Few days back, Pakistani Top Level domains including Google , Yahoo, Msn and more sites defaced by Turkish Hackers.  Following that incident , a Pakistani hacker contacted us with a report regarding the vulnerability resides in the website.  We have immediately notified about the vulnerabilities to PKNIC.

Today, PKNIC released the official statement that confirms the security breach. In an email sent to us, PKNIC informed us that the vulnerability has been fixed over the weekend. 

"PKNIC became aware of a vulnerability in one of its systems which caused a total of four user accounts to be breached on Friday evening 23rd November, impacting nine DNS records, out of a total of around fifty thousand. That led to several website addresses to be redirected to a blank message page for a few hours. Several of these websites were mirrors of global sites such as google.pk, ebay.pk, etc." The official statement reads.

The changes caused by the incident were reverted within a few hours, by the PKNIC team, by late Friday night. The Team sent notification to affected accounts after the scope of the incident was identified.

The management said that website doesn't store credit card or similar financial information in its database.

"PKNIC servers were not hacked and continued to operate normally. However, the vulnerability briefly exposed some information which could be used to modify the DNS for the four accounts."

PKNIC's executive chairman Ashar Nisar said that they 've applied a new complex system to prevent from SQL injection attacks before the breach itself. However, the new system inadvertently left open a vulnerability, under certain obscure conditions and contexts, that was used in the recent security breach.

"As a result, in addition to a thorough investigation of our entire site and systems, we reverted to the simpler more robust model of filtering out everything unknown, instead of continuing to use the new system that had been tailored to the latest threats using more complicated algorithms.” He said.

The PKNIC team confirmed that there was no interruption to the root DNS or any other services provided by PKNIC. Additionally, other than the sites under the four accounts and seven DNS servers, all other .PK websites were unaffected and continued to operate normally.

 Invitation for Friendly Hackers:
To improve their web security, PKNIC plan to invite hackers to test their website security.  They've planned to announce the reward program for hackers who find vulnerability , as is done by leading global companies, like Google and others.
Read more »
Web Application Vulnerability
Boolean-based blind SQL injection Hackers News how google Pakistan hacked Pakistan Hackers Pakistani Google Hacked SQL Injection Vulnerability Vulnerability Web Application Vulnerability

Pakistan Hacker Explains How Pakistan google and other sites got hacked

Boolean-based blind SQL injection
Boolean Based SQL Injection vulnerability

Recently, The news about the Pakistani Google hack spread like a wildfire in the Internet.  At the time, Top Level Pakistan Domains displayed the defacement page including Yahoo, MSN, HSBC, EBay,Paypal and more sites.

Today, khanisgr8, a hacker from Pakistan hacker collective called "TeamBlackHats" sent an email regarding the security breach.  He explains how those websites got hacked by Turkish Hacker group "EBoz".

The day before yesterday we mentioned those hacked sites' dns records points to different free hosting site. Also we report that the site might be hacked using PKNIC vulnerability.

PKNIC is responsible for the administration of the .PK domain name space, including the operation of the DNS for the Root-Servers for .PK domains,
and registration and maintenance of all .PK domain names. PKNIC is operated as a self-supporting organization.

The hackers have claimed to have discovered a Boolean-based blind SQL injection, persistent cross site scripting, sensitive directory directory disclosure vulnerabilities in the official website of PKNIC.

They provide us the vulnerable link with POC to exploit it. Also they sent some data compromised using the vulnerability which contains database details, username and hashed password.

Xss vulnerability pknic
Xss vulnerability

He also provide the screenshot of the Cross site scripting vulnerability. When i tried to verify the XSS vulnerability, i just searched in google for the url and visit a PKNIC link.  After visiting the link, i just saw a text "<script>alert("HACKED BY COde InjectOr")</script>". May be Code Injector team attempts to exploit the vulnerability.  

"Apparently Google Pakistan has been defaced by a Turkish Hacker group 'Eboz' . It's still quite hard to believe that Google server has been hacked. They really need to put a lot of focus on their defenses because if one website got hacked that means every other websites can be hacked. " they said.

We have sent an email to PKNIC regarding the vulnerability and waiting for their response. We are not sure whether the vulnerability is fixed or not So we are not providing the vulnerable link here.
Read more »
Subscribe to: Posts (Atom)