PaperPk.com is an online job-search platform, like Rozee.pk, where users can find jobs from all newspaper ads. Most of the latest jobs are advertised in newspapers such as Jang, Dawn and Express Daily, so people would likely have to buy a newspaper. Those who are unable to buy one turn to online job-search platforms, where they can find the jobs they are looking for instead of going through every ad in a newspaper to find a particular job that meets their requirements – PaperPk 200,000 Users Data At Risk.
According to Alexa rankings, PaperPk.com has a rank of 49 in Pakistan and a global rank of 7,312, which means that a large number of visitors use this website on a daily basis.
As far as the audience is concerned, the largest share is from Pakistan, i.e. 86.7%, which is quite high and shows that a large number of people still rely on this website.
Hackers always try to target websites that have a higher ranking. Higher ranking means more users. The user database is what hackers are always looking for, and to get it they can do the worst to a particular website. Once the users' data is breached, the hackers can then go after each and every user individually, because they have all of the users' personal information: emails, passwords, addresses, CNIC, mobile numbers etc. There will be a great loss to the website's traffic and business, but an even greater one to the users' critical information. This critical information is then going to be used for the wrong purposes and will directly affect the personal lives of those users.
Every website owner tries to make sure that his/her website is the most secure one, yet some issues, bugs and vulnerabilities are left behind when there is no thorough web application penetration testing and no regular updating of components.
The same thing has happened to PaperPk.com: the website has been developed and is up for public use, though it is not secure. There are tons of vulnerabilities in this website, from informational to critical ones. The vulnerabilities include XSS, SQL injection etc. A lot of parameters are vulnerable to SQL injection attacks. By exploiting the vulnerability, any attacker could gain access to the database of 200,000 Pakistani users, i.e. the personal details of each and every user who had made an account on PaperPk.com. These personal details included emails, passwords, mobile numbers, addresses etc. Not only was the customers' data at risk; all the companies that have accounts on PaperPk.com were at risk as well. Below are the screenshots of the database.
Note: All the passwords were in clear text format.
We reported this issue ethically and the issue was patched after some days (more than 15 days). Though we haven’t received any email from them acknowledging our report, nor have they replied to any of our emails till now. Though we are happy that the vulnerability has been patched. There can still be more parameters vulnerable to OWASP Top 10 vulnerabilities. We hope that they will secure the privacy of users.
Thanks for reading…