Boolean Based SQL Injection vulnerability

Recently, The news about the Pakistani Google hack spread like a wildfire in the Internet.  At the time, Top Level Pakistan Domains displayed the defacement page including Yahoo, MSN, HSBC, EBay,Paypal and more sites.

Today, khanisgr8, a hacker from Pakistan hacker collective called "TeamBlackHats" sent an email regarding the security breach.  He explains how those websites got hacked by Turkish Hacker group "EBoz".

The day before yesterday we mentioned those hacked sites' dns records points to different free hosting site. Also we report that the site might be hacked using PKNIC vulnerability.

PKNIC is responsible for the administration of the .PK domain name space, including the operation of the DNS for the Root-Servers for .PK domains,
and registration and maintenance of all .PK domain names. PKNIC is operated as a self-supporting organization.

The hackers have claimed to have discovered a Boolean-based blind SQL injection, persistent cross site scripting, sensitive directory directory disclosure vulnerabilities in the official website of PKNIC.

They provide us the vulnerable link with POC to exploit it. Also they sent some data compromised using the vulnerability which contains database details, username and hashed password.

Xss vulnerability

He also provide the screenshot of the Cross site scripting vulnerability. When i tried to verify the XSS vulnerability, i just searched in google for the url and visit a PKNIC link.  After visiting the link, i just saw a text "<script>alert("HACKED BY COde InjectOr")</script>". May be Code Injector team attempts to exploit the vulnerability.  

"Apparently Google Pakistan has been defaced by a Turkish Hacker group 'Eboz' . It's still quite hard to believe that Google server has been hacked. They really need to put a lot of focus on their defenses because if one website got hacked that means every other websites can be hacked. " they said.

We have sent an email to PKNIC regarding the vulnerability and waiting for their response. We are not sure whether the vulnerability is fixed or not So we are not providing the vulnerable link here.

A hacker called as UR0B0R0X has managed to break into the Colombia Army website and steal the login credentials. He published the data in pastebin.

According to the dump, the data are compromised from different sub domains of mil.co which includes armada.mil.co,fac.mil.co,sanidadfuerzasmilitares.mil.co, reclutamiento.mil.co.

In the paste there are only few account details has been exposed. The full compromised data has been uploaded in few file sharing sites. There is a 20kb text file which contains 60+ entries in each database.The leaked data are email address and hashed password.

http://pastebin.com/KMBpjcpJ

The defaced page

The well-known hacker group Team root today come with interesting hack , they have hacked into the several Government websites of Burkina Faso which is a landlocked country in west Africa. Sounds like Teamr00t has lot of interested to hack the Government websites than other websites.

"Teamr00t Has Arrived!!! We are the voice for the suppressed people of the world, and we will show you the truth!"

The hacked Government sites includes Ministry of Defense, Ministry of Justice,Economic and Social Council,Ministry of Health, Ministry of Economy and Finance,High Council of Communication and more Top government sites hacked.

Hackers has posted their usual message to the Government "To the governments of the world,it is time you listened and acted upon what would benefit and help the people of your countries! It is now time for you to start listening to the voices of your nation and deal with the problems that are occurring every single day."

"Your people have the right to have their voices heard and you the government must listen to your nation. You cannot arrest, torture and lock up citizens, if you do not agree with their views, but must listen and act upon them. Everyone has the right to freedom of speech and your people must be allowed this freedom. Stop, listen and take action that will help benefit your nation!"

The full list of hacked sites :
http://www.defense.gov.bf/
http://www.justice.gov.bf/
http://www.ces.bf/
http://www.finances.gov.bf/
http://www.sante.gov.bf/
http://www.primature.gov.bf/
http://www.csc.bf/
http://www.gcob.gov.bf/
http://www.csi.bf/
http://www.information.gov.bf/
http://www.defense.gov.bf/
http://www.mines.gov.bf/
http://www.mid.gov.bf/
http://www.mje.gov.bf/
http://www.fonction-publique.gov.bf/
http://www.matd.gov.bf/
http://www.sggcm.gov.bf/
http://www.sig.gov.bf/
http://www.conseil-etat.gov.bf/
http://www.environnement.gov.bf/
http://www.massn.gov.bf/
http://www.mptic.gov.bf/
http://www.affaires-etrangeres.gov.bf/
http://www.mrsi.gov.bf/
http://www.cour-comptes.gov.bf/
http://www.cour-cassation.gov.bf/
http://www.justice.gov.bf/
http://www.conseil-constitutionnel.gov.bf/
http://www.ces.gov.bf/
http://www.presidencedufaso.gov.bf/
http://www.mpdh.gov.bf/
http://www.csi.bf/
http://www.agriculture.gov.bf/
http://www.mrp.gov.bf/
http://www.sggcm.gov.bf/
http://www.sante.gov.bf/
http://www.demo.gov.bf/templates
http://www.mhu.gov.bf/
http://www.matd.gov.bf/
http://www.action-sociale.gov.bf/
http://www.ces.gov.bf/
http://www.messrs.gov.bf/
http://www.culture.gov.bf/
http://www.meba.gov.bf/
http://www.environnement.gov.bf/
http://www.mjfpe.gov.bf/
http://www.sports.gov.bf/
http://www.gcob.gov.bf/
http://www.mpdh.gov.bf/
http://www.commerce.gov.bf/
http://www.mptic.gov.bf/
http://www.mess.gov.bf/

At the time of writing, All websites displays the defacement page. In case you are not able to see the defacement page, here is the mirror:
http://mirror-ma.com/archive/published=1

The list of sites hacked and defaced:
google.com.pk
microsoft.pk
biofreeze.com.pk
blackstone.pk
blogspot.pk
itunes.pk
gmails.pk
zynga.com.pk
chrome.com.pk
chrome.pk
visa.com.pk
bx.com.pk
abbvie.com.pk
abbvie.pk
cgma.pk
chacos.com.pk
cimacpa.pk
cisco.pk
ciscosystems.pk

blogspot.com.pk
cpacima.pk
cpaintl.pk
cpaldglobal.pk
cpalwglobal.pk
drivealliance.pk
eastman.biz.pk
eastman.net.pk
eastman.org.pk
ebay.pk
everyblock.pk
youtube.pk
3com.web.pk
hp.web.pk
revlon.pk
streetwear.pk
windows7.pk
windows8.pk
windowsrt.pk
yahoo.pk
yahoomaktoob.pk
zynga.pk
firstdirect.com.pk
flickr.pk
fordgofurther.pk
gbuzz.pk
gmailbuzz.pk
gmail.pk
googlebrowser.com.pk
google.pk
googlebuzz.pk
googlechrome.com.pk
abbviepharmaceuticals.pk
abbviepharmaceuticals.com.pk
hewlettpackard.pk
hexagon.com.pk
hsbcamanah.biz.pk
hotmail.com.pk
hpcloud.com.pk
hp.com.pk
hpscalene.com.pk
hsbc.biz.pk
hsbcadvance.com.pk
hsbc.pk
hsbcpremier.com.pk
hsbcprivatebank.biz.pk
hsbcamanah.com.pk
hsbcdirect.com.pk
hsbcnet.com.pk
hsbcpremier.biz.pk
hsbcpremier.pk
hsbcprivatebank.com.pk
investdirect.biz.pk
investdirect.com.pk
ipod.pk
jaiku.pk
kellyservices.com.pk
maktoob.pk
markmonitor.pk
microsoftsmartglass.com.pk
microsoftsmartglass.pk
xboxsmartglass.com.pk
xboxsmartglass.pk
msn.org.pk
windowsstore.pk
windowsstore.com.pk
opteron.com.pk
parkplaza.pk
paypal.pk
postini.pk
scalene.com.pk
schwab.biz.pk
schwab.com.pk
sonystyle.com.pk
streetwear.com.pk
theworldslocalbank.com.pk
genapp.pk
genapp.com.pk
generationapp.pk
generationapp.com.pk
windows.com.pk
windows7.com.pk
windows8.com.pk
3com.biz.pk
3com.fam.pkpk
bx.com.pk
abbvie.com.pk
abbvie.pk
cgma.pk
chacos.com.pk
cimacpa.pk
cisco.pk
ciscosystems.pk
cpacima.pk
cpaldglobal.pk
drivealliance.pk
eastman.net.pk
monatin.pk
youtube.pk
revlon.pk
windows7.pk
3com.net.pk
3com.org.pk
gchrome.com.pk
aicpacima.pk

Guess what?! The sites including Blogspot,paypal, fanta, Ebay, Msn.org.pk still displays the defacement page and we are not able to reach other sites.

It seems like hackers compromised the Pakistan's TLD operator PKNIC which administers and registers all .pk domains.

Hackers modified the DNS servers records such that it points to some other server, points to two nameservers, dns1.freehostia.com and dns2.freehostia.com

In case you are not able to see the defacement, you can see the Mirror of the defacement page here "zone-h.com/archive/notifier=KriptekS".

Few days back, Pakistani hackers has defaced the high profile Israeli websites which includes BBC, Bing, Intel, Live, MSN, CNN, Skype,Xbox .

“How's feeling guys? Remember our name? We are Bangladesh Grey Hat Hackers. We will make your life hell. You have no rights in the cyber space & in the world. You guys are nothing more than a cancerous tumor. We will hit you again & again & again.” The hacker said in the statement.


Last month, they hacked into more than 50 Israeli websites and defaced them with same message.

At the time of writing, most of the sites are not restored.  The list of hacked sites has been listed here:
http://pastebin.com/zHhmPQDi

Shortly after the Anonymous activists declared cyber war on the Israeli websites, a Pakistani hacker group  also came forward in support of GAZA and defaced lot of high profile Israeli websites.

The hack was made by hackers going by the names 1337, H4x0rL1f3, ZombiE_KsA, and Invectus.

"The Notorious Hackers are Back "The defacement message reads. "Your war on Gaza will make you cry blood and let the next few days prove that to you ! ...."

The affected sites includes MSN, Bing, Skype, XBOX, Intel, Live, CNN and more sites.

List of hacked sites , according to Zone-h :
www.skype.co.il
www.cnn.co.il
intelcore.co.il
www.msn.org.il
passport.org.il
www.microsoftstore.co.il
intelatom.co.il
www.opel.co.il
philips.co.il
bing.co.il
bbc.org.il
pantene.co.il
paypass.co.il
amazonunbox.co.il
windowslive.co.il
windows.co.il
www.nbcuni.co.il
citibank.co.il
xbox360.co.il
www.xboxfusion.co.il
cocacola.co.il
coke.co.il
www.xboxignite.co.il
www.intelappup.co.il
www.intel.co.il
live.co.il
solarwinds.co.il
live.org.il
www.msn.co.il

Mirror of the defacement can be found here:
http://www.zone-h.org/archive/notifier=1337

Meanwhile, the Israel Mastercard site is down(www.mastercard.co.il).  It was reported by Anonymous hacker with twitter handle Anonymous_SA.