125 Pakistani Websites Vulnerable To SQL Injection Hacked


Please find below.

We checked some websites, and after 24 hours have passed the defacement is still there, especially on the .gov.pk websites. Please update the site owners and notify the relevant departments.

—————————————————————————————————————-
125 Pakistani websites, including government, education and organization websites, defaced by Kerala Cyber Warriors

Tribute to 26/11 Mumbai Attack

https://www.facebook.com/KeralaCyberWarriors/

———————————————————–

Vuln : LFI & RFI & SQL

Level : 8/10

Authorities Notified : Yes (NATIONAL RESPONSE CENTRE FOR CYBER CRIME)
Date : 27 Nov 2015

Advisory :

Remote File Inclusion (also known as RFI) is the process of including remote files by exploiting vulnerable inclusion procedures implemented in the application. This vulnerability occurs, for example, when a page receives, as input, the path to the file that has to be included and this input is not properly sanitized, allowing an external URL to be injected. Although most examples point to vulnerable PHP scripts, keep in mind that it is also common in other technologies such as JSP, ASP and others.
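
The inclusion flaw described above, as an added example that is not part of the original advisory: the vulnerable pattern appears as a comment, followed by an allowlist-based resolver in PHP. The page names, the `resolve_page` helper and the scratch directory are assumptions made for illustration.

```php
<?php
// Added example, not from the advisory. Page names and directory are assumptions.

// Vulnerable pattern the advisory describes: the request value is used as the
// include path, so a remote URL or a traversal path is accepted unchanged.
//   include $_GET['page'] . '.php';

// Hardened form: the request value is only a key into a fixed allowlist.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
    'news'    => 'news.php',
];

function resolve_page(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null;                       // unknown key: URL, wrapper, traversal
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;                       // directory or file missing
    }
    // Defence in depth: the resolved file must stay under the base directory
    // (catches a symlinked or misconfigured allowlist entry).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo setup: a scratch directory holding the allowlisted pages.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_pages';
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
foreach (PAGES as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php // demo page\n");
}

// Constructed sample request values.
$samples = ['home', 'news', 'http://example.invalid/remote.txt', '../secret/config', 'php://input'];
foreach ($samples as $s) {
    $resolved = resolve_page($s, $dir);
    printf("%-36s => %s\n", $s, $resolved ?? 'rejected');
}
// In a request handler: include the returned path, or answer 404 when null.
// php.ini: allow_url_include = Off (the default) blocks URL includes, but not
// local traversal, so the allowlist is still needed.
```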

For more info:
https://www.owasp.org/index.php/Testing_for_Remote_File_Inclusion
For any further advisories and information, please feel free to contact us at info@tier3.xyz.

** If this info should be provided to any other email address please notify us immediately so we can update our records for future correspondence.

Regards


Tier3 Cyber Security Solutions
Islamabad
Pakistan
www.tier3.pk
#opsec Pakistan
