A group of Pakistani hackers have revealed an extremely critical vulnerability at PKNIC. In Pakistan, PKNIC manages the domains such as (.pk, .com.pk, org.pk and others).
This Pakistani hacker group is believed to be the observer of Pakistani cyber space, witnessing quietly to make sure that they keep rolling smoothly.
According to sources, the hacker group having members named khanisgr8, Xpired, Sho0ter, Xpired and Net.Crack3r revealed that domains of global brands including .PK domains such as (google.com.pk, msn.com.pk and others) were devastated due to low security level of PKNIC system.
Hacker group, in an exclusive communication with ProPakistani, claimed that PKNIC servers are vulnerable to:
- Boolean-based blind sql injection
- Time-based blind sql injection
- Cross site scripting
- Sensitive directory disclosure
According to experts, the proofs of vulnerability are provided by the hacker group and are the valid reasons which led hundreds of .PK domains to be taken down on Saturday.
ProPakistani has claimed that it can share the complete details of these vulnerabilities with PKNIC if they want to resolve the flaws.
It maybe recalled that a hacker, named eBoz, had re-routed around 284 .PK domains from their legitimate servers to a hosting account allegedly owned by the hacker himself, by penetrating and re-configuring the DNS and name servers of these domain names.