Not a Hack: Lahore Electric Supply Companies (LESCO) Website Privacy Leaks
Lahore Electric Supply Companies (LESCO) is a major electricity power provider in Lahore region of Pakistan. LESCO’s main official website which is used for public access is located at http://www.lesco.gov.pk/, but apparently LESCO has another web site probably for support staffs and personnels or for training purpose, which allowed everybody from public to ‘hack’ into, and access supposedly private and confidential data. (But who cares about privacy in Pakistan?)
The website of Lahore Electric Supply Companies that has major security flaw and privacy leaks is located at http://www.lesco.info/. To ‘hack’ the website, simply browse to LESCO Human Resource Management System via Customer Service link at http://www.lesco.info/mc/default.htm. You don’t even need any skill to hack the website. The login page has User ID (which is Guest) and password nicely filled in. Just hit “Enter Now !” button to log in to the system.
After logging in, ‘hacker’ can find various LESCO customers’ information from database (looks like is MySQL) such as name, address and phone number. Also available is application for electricity connection, date of application, status, next course of action and electricity load. (If you apply to LESCO and heard no news, this hack for you!) Best of all, search functions is provided.
From the design of the website, with failed MySQL commands and broken links which link to ClickSoft.com.pk, which probably is the developer for the site, LESCO.info is probably still in construction, and not mean for public access. We inclined to believe that the website is mainly used by LESCO staffs for training purpose and not as their back-end system, in view of the poor security measure. But why the true live data of customers is been used as the sample is out of comprehension, which conveniently provide backdoor access for those want to gather these information.
Probably this is the style of doing work in South Asia part of the world, but does Pakistan has nuclear weapon? Can nuclear weapon of mass destruction be trusted to someone who can’t even protect personal data, albeit only name, address and phone of its own citizens?
Related Articles
- Website Grader: Free Website Analytics and Traffic Measurement Tool
- Order Hero Hack Pack with Free Open Source Tools
- Display and Show Feed on HTML Website with FeedBurner BuzzBoost
- Free Genuine License Code for Privacy Guardian by Signing Up PC Tools Newsletter
- Intel Experiences Atom Supply Shortage Due to Overwhelming Demand
- Embed PowerPoint Presentation Files in Blog or Website With Web-Based Service authorSTREAM
- Hack to Add Second Hand to Product (RED) Clock Face Sidebar Gadget
- Hack Proofing Oracle Internet Platform Guide Online Reading and Download
- Get Free $25 or More Money Refund (No Hack Required) from Credit Card Foreign Currency Conversion Fee Settlement
Entries (RSS)
September 24th, 2009 23:25
Thank God there are still some decent sanctuaries left for internet privacy havens. You don’t have to be doing anything shady or crazy to simply want your privacy back.
July 28th, 2009 14:46
That’s why I carry bundles of cash..
June 18th, 2009 19:36
Very interesting… thanks.
June 11th, 2009 12:42
LOL, NO ONE could hack my site. I do all the security myself.
May 13th, 2008 18:49
Mr Bush says Usama is in Pakistan. The article is too BUSHY lol. The quality of the Protection given to Weapons of Mass destruction and Nuclear resources can’t be measured by a security given to a website which is in Beta Mode.
I strictly disagree to the last para of your artcle.
May 9th, 2008 15:30
Shows great Narrow mindedness of the website.
Bad display of Writing.
May 9th, 2008 10:51
May 9th, 2008 10:51
Oh yes after having a look on this article on other sources, it looks like someone added the last bit(paragraph) by him/her self. And after reading this article and having a look on that data, I don’t think SO it may cause any harm on large scale.
May 9th, 2008 03:25
judging by the content of the post and the grammar used, i’d be highly suspicious it was g w bush posting that message
“but does Pakistan has nuclear weapon?”
May 8th, 2008 16:52
“”"Probably this is the style of doing work in South Asia part of the world, but does Pakistan has nuclear weapon? Can nuclear weapon of mass destruction be trusted to someone who can’t even protect personal data, albeit only name, address and phone of its own citizens?”"
why does everything has to finish on pakistan atomic power. Even if a rat dies in Pakistan the conclusion of the debate will end on Pakistan atomic power. what about other countries like UK for instance lost 2 cd’s containing more than 100 thousand people’s benefit details containing bank account details as well as personal data.