Not a Hack: Lahore Electric Supply Companies (LESCO) Website Privacy Leaks不是一个黑客：拉合尔电力供应公司（ LESCO ）网站的隐私外泄

Lahore Electric Supply Companies (LESCO) is a major electricity power provider in Lahore region of Pakistan.拉合尔电力供应公司（ LESCO ）是一个重要的电力供应商在拉合尔地区的巴基斯坦。 LESCO’s main official website which is used for public access is located at LESCO的官方网站主要是用来供市民查阅位于 http://www.lesco.gov.pk/ , but apparently LESCO has another web site probably for support staffs and personnels or for training purpose, which allowed everybody from public to ‘hack’ into, and access supposedly private and confidential data. ，但显然LESCO另一网站可能的支持和人员的工作人员或作训练之用，使每个人都从公共'砍'到，并理应获得私人和机密数据。 (But who cares about privacy in Pakistan?) （但是谁在乎隐私在巴基斯坦？ ）

The website of Lahore Electric Supply Companies that has major security flaw and privacy leaks is located at该网站拉合尔电力供应公司有重大安全漏洞和隐私外泄位于 http://www.lesco.info/ . 。 To ‘hack’ the website, simply browse to LESCO Human Resource Management System via Customer Service link at要'砍'的网站，只要浏览到LESCO人力资源管理系统通过客户服务链接 http://www.lesco.info/mc/default.htm . 。 You don’t even need any skill to hack the website.您甚至不需要任何的技巧，黑客网站。 The login page has User ID (which is Guest) and password nicely filled in. Just hit “Enter Now !” button to log in to the system.登入页面已经用户ID （这是客户）和密码填入很好只要按下“输入现在！ ”按钮登录到该系统。

After logging in, ‘hacker’ can find various LESCO customers’ information from database (looks like is MySQL) such as name, address and phone number.登录之后， '黑客'可以在网上找到各种LESCO客户的信息资料库（看起来是MySQL的） ，如姓名，地址和电话号码。 Also available is application for electricity connection, date of application, status, next course of action and electricity load.也可以是应用电力方面，申请日期，地位，今后的行动方针和用电负荷。 (If you apply to LESCO and heard no news, this hack for you!) Best of all, search functions is provided. （如果您申请LESCO并没有听到消息，这个技巧为你！ ）最重要的是，搜索功能是提供。

From the design of the website, with failed MySQL commands and broken links which link to ClickSoft.com.pk, which probably is the developer for the site, LESCO.info is probably still in construction, and not mean for public access.从设计的网站，并没有MySQL的命令和损坏的链接链接到ClickSoft.com.pk ，这可能是开发商的网站， LESCO.info可能是仍然在建设，并不意味着供市民查阅。 We inclined to believe that the website is mainly used by LESCO staffs for training purpose and not as their back-end system, in view of the poor security measure.我们倾向于认为，该网站主要是利用LESCO工作人员进行培训的目的，而不是作为他们的后端系统，鉴于安全性差的措施。 But why the true live data of customers is been used as the sample is out of comprehension, which conveniently provide backdoor access for those want to gather these information.但是，为什么真正的实时数据的顾客是被用来作为样品的理解，这方便地提供后门进入那些想收集这些资料。

Probably this is the style of doing work in South Asia part of the world, but does Pakistan has nuclear weapon?也许这是风格的工作做在南亚世界的一部分，但巴基斯坦的核武器？ Can nuclear weapon of mass destruction be trusted to someone who can’t even protect personal data, albeit only name, address and phone of its own citizens?可以核武器大规模杀伤性值得信赖的人谁可以甚至没有保护个人数据，但只有姓名，地址和电话的本国公民？

IMPORTANT : You're reading a machine translated page which is provided "as is" without warranty. 重要：您正在阅读的机器翻译网页这是“原样”提供，无保修。 Unlike human translation, machine translation does not understand the grammar, semantics, syntax, idioms of natural language, thus often produce inaccurate and low quality text which is misleading and incomprehensible.不同人的翻译，机器翻译不明白的语法，语义，句法，成语自然语言，因此，往往产生不准确，低质量的文字这是误导和费解。 Thus, please refer to因此，请参阅 original English article英文原文的文章 when in doubt.当怀疑。

Related Articles相关文章

• Intel Experiences Atom Supply Shortage Due to Overwhelming Demand英特尔的经验原子供应短缺由于绝大多数的需求
• Free Online Phonemyphone Service Helps Locating Misplaced Mobile Phone免费在线服务帮助Phonemyphone定位错位移动电话
• Website Grader: Free Website Analytics and Traffic Measurement Tool网站年级：免费的网站分析和流量测量工具
• Order Hero Hack Pack with Free Open Source Tools为了英雄破解包免费开源工具
• Free Genuine License Code for Privacy Guardian by Signing Up PC Tools Newsletter自由真正许可证代码隐私监护人签署了PC机的通讯工具
• Toshiba Innovative Idea of Implementing Sleep and Charge USB ports in Satellite Laptop Series东芝公司创意执行睡眠和充电USB接口卫星系列笔记本电脑
• Virus Attack Via Infected Gizmo通过病毒攻击感染小发明
• Exciting Potential of China in e-Commerce令人兴奋的潜力在中国电子商务
• How to Make a Laser Pointer from Mini Maglite Flashlight如何使激光指针从迷你Maglite手电筒
• Steganos Security Suite 2007 Full Version Free Download and Serial Number Steganos安全套件2007完整版免费下载和序号

This entry was posted on Thursday, May 8th, 2008 at 1:17 pm and is filed under 本条目被张贴在周四， 2008年5月8号在下午1时17和提交下 Tips & Tricks 提示和技巧 . 。 You can follow any responses to this entry through the 您可以按照任何反应，这个项目通过 RSS 2.0 2.0 feed. You can 饲料。您可以 leave a response 留下一个反应 , or 或 trackback 引用 from your own site. 从您自己的网站。