Tag: election

Election Commission of Pakistan “Hacker Free” Website

ReallyVirtual2 Comments

flag(Sorry about the waving flag, couldn't resist the temptation). With nothing better to do, I just visited the Election Commission of Pakistan Election Results website (yes, that's the sequel (no pun intended) to the ecp.gov.pk state-of-the-art live voter database website that I wrote about here , the one that can't find me, thereby making me a dead voter)… and was refreshing the results page every couple of minutes, when I finally managed to come across the crash that my brother had mentioned a few minutes earlier. He had also mentioned that the site is extremely slow (he is sitting in Cambridge right now) but since our mehndi.com CEO promised us servers and bandwidth not found anywhere else on the planet, so I'm pretty sure it must be the UK ISPs that are too slow for the site.

Anyway, I digress… so here are the screenshots for your forehead slapping pleasure:

It seems that an Index was out of range… take a closer look… yep, the site is still running in debug mode, and the path to the files on the server are visible. ecp-dotnet-crash

And here's another screen-shot, a 'Parser Error' this time… Oops!

ecp-dotnet-crash2

The vsite in the url probably means they have multiple applications hosted on virtual servers. If you compare the Election Results website with this asp.net website, you will probably come to the conclusion that the talented developers (read interns @ 10,000 per month or less) weren't exactly familiar with either web design or the way ASP.NET membership/roles framework works, but were rescued by Google and were able to "borrow" and copy/paste from the example to save the day.

I wouldn't be too surprised if there are a half dozen SQL injection possibilities in there, or if the website has an /admin/ folder somewhere in the URL schema (as an 'admin' section is found in 90% of websites developed by our Pakistani programmers), or if there is some left-over code from the examples that will allow anyone to register and mess with the website.

10 years ago, one message on any Pakistani IRC channel would have been enough to take this website down, but at this point in time, I can only pray that the website stays online for the next couple of days so that the mehndi.com guys get their 10 hours of crash-free fame (I think they've already had their fortune delivered to them in Canada). I also hope that they find and fix the flaws before the site gets hit by hackers, and only because I don't want the rest of the world to have one more chance to laugh at us, we can do that job ourselves.

Election Commission of Pakistan – Live Voter Search

Sohaib Athar

The Election Commision of Pakistan has released their cutting-edge website that allows anyone who can read and type Urdu to search for any 'Live' (and I presume, dead as well) voters in Pakistan. It is no mean feat to develop an Urdu website in Canada (handling a character-set twice the size of the English alphabet is surely twice as hard), especially a completely secure one that lets you search 80 Million (*gasp*) records!

Even though I still don't understand the need for the website (though it can be fun to search for the people you know to get their exact age and/or who they are married to), and even though its on-screen keyboard thinks 'undefined' is an Urdu character, and even though it does not know me, though I have tried both versions of 'hay' in my name along with my old and new NID numbers (which probably means I can't vote – (Yay!)), but I feel I should still congratulate the CEO of Mehndi.com for an excellent 'gift' back to the nation (in all its waving flag animated gif glory that messes up in Firefox), and for showing us backwards Pakistanis that "nothing is impossible if you go for it." (which translates loosely into "you can create projects out of thin air if you know the right people").

Now, can somebody lend me around 50 shell accounts or zombie machines so that I can scrape that database in a couple of days please? I promise to return them.