Election Commission of Pakistan “Hacker Free” Website
(Sorry about the waving flag, couldn't resist the temptation). With nothing better to do, I just visited the Election Commission of Pakistan Election Results website (yes, that's the sequel (no pun intended) to the ecp.gov.pk state-of-the-art live voter database website that I wrote about here , the one that can't find me, thereby making me a dead voter)… and was refreshing the results page every couple of minutes, when I finally managed to come across the crash that my brother had mentioned a few minutes earlier. He had also mentioned that the site is extremely slow (he is sitting in Cambridge right now) but since our mehndi.com CEO promised us servers and bandwidth not found anywhere else on the planet, so I'm pretty sure it must be the UK ISPs that are too slow for the site.
Anyway, I digress… so here are the screenshots for your forehead slapping pleasure:
And here's another screen-shot, a 'Parser Error' this time… Oops!
The vsite in the url probably means they have multiple applications hosted on virtual servers. If you compare the Election Results website with this asp.net website, you will probably come to the conclusion that the talented developers (read interns @ 10,000 per month or less) weren't exactly familiar with either web design or the way ASP.NET membership/roles framework works, but were rescued by Google and were able to "borrow" and copy/paste from the example to save the day.
I wouldn't be too surprised if there are a half dozen SQL injection possibilities in there, or if the website has an /admin/ folder somewhere in the URL schema (as an 'admin' section is found in 90% of websites developed by our Pakistani programmers), or if there is some left-over code from the examples that will allow anyone to register and mess with the website.
10 years ago, one message on any Pakistani IRC channel would have been enough to take this website down, but at this point in time, I can only pray that the website stays online for the next couple of days so that the mehndi.com guys get their 10 hours of crash-free fame (I think they've already had their fortune delivered to them in Canada). I also hope that they find and fix the flaws before the site gets hit by hackers, and only because I don't want the rest of the world to have one more chance to laugh at us, we can do that job ourselves.