Pakistani universities represent the most exposed segment of Pakistan's digital infrastructure during wartime. While government and military sites were taken offline or placed behind WAFs, universities received no additional protection. Five universities were deeply probed; two (QAU and PU) were subjected to complete data dumps.
Only universities with Cloudflare or Sucuri WAFs resisted reconnaissance. Those without WAFs were fully accessible — no exceptions.
QAU — Quaid-i-Azam University, Islamabad
Pakistan's #1 ranked university (QS World Rankings)
| Data Type | Count | Size | Notable |
|---|---|---|---|
| Pages | 200 | 2.4 MB | Full HTML including staff listings |
| Posts | 484 | 1.4 MB | News, announcements, academic notices |
| Media | 603 items | 200 KB | Direct download URLs for all uploads |
| Categories | 164 | 179 KB | Full taxonomy tree |
| Search Results | 1,545 | 1.2 MB | 43 keyword searches |
| HTML Pages | 16 | 1.3 MB | Admin, webmail, staff, departments |
| Total | — | 6.6 MB | — |
Organizational Structure Discovered
Academic Faculties: Natural Sciences, Biological Sciences, Social Sciences, Pharmacy
Administrative Units with documented staff:
- Office of the Registrar (14+ staff documented)
- Office of the Controller of Examinations (11 staff documented)
- Office of the Treasurer (40+ staff across 7 sections)
- Security Cell (contact: [email protected], +92 51-9064-2028)
- IT/ICT Section, Secrecy Section
QAU Internal PBX Mapping
- Extension range: 9064-xxxx
- Registrar area: 9064-4046 to 9064-4141
- Examination area: 9064-4034 to 9064-4096
- ICT area: 9064-3231 to 9064-3247
- Security: 9064-2028, 9064-2090
- International: +92-51-9064-xxxx
Credential Attack Surface
- Roundcube Webmail: /webmail/ — targets @qau.edu.pk accounts
- phpMyAdmin: Confirmed via redirect — database management interface
- Personal email addresses: 4 @gmail.com, 1 @yahoo.com extracted from staff directories
- Intercom Directory: 71 KB PDF download — complete university phone tree
PU — University of the Punjab, Lahore
Pakistan's largest and oldest university (established 1882) — Custom PHP CMS
| Data Type | Files | Size | Notable |
|---|---|---|---|
| Sitemap XML | 1 | 523 KB | 18,460 URLs |
| HTML pages | 80+ | 7.5 MB | Admin, departments, services |
| Department pages | 19 | 1.4 MB | Full faculty/research data |
| Total | 101 | 8.3 MB | — |
Sitemap Analysis (18,460 URLs)
| Category | URLs | % |
|---|---|---|
| result | 9,442 | 51.1% |
| faculty | 4,655 | 25.2% |
| IT | 3,324 | 18.0% |
| department | 2,477 | 13.4% |
| admission | 1,305 | 7.1% |
| research | 418 | 2.3% |
| admin | 193 | 1.0% |
| finance / library / tender / api | 148 | 0.8% |
Admin section (/admin/) returns HTTP 200 (82 KB) with no authentication. Webmail at /mail/ returns "Web Mail: University of the Punjab" (32 KB). Full administrative staff listing at /home/administrative_staff/ (31 KB) and organizational chart at /home/Admin_structure/ (28 KB).
Departments Scraped (19 complete)
Zoology (176 KB), Molecular Biology (153 KB), Microbiology & Molecular Genetics (151 KB), Hailey College of Commerce (133 KB), Social & Cultural Studies (82 KB), Library & Information Management (74 KB), History & Pakistan Studies (71 KB), Clinical Psychology (68 KB), Space Science (60 KB), Islamic Studies (60 KB), Punjab University College of IT (49 KB), plus 8 additional departments.
LUMS — Lahore University of Management Sciences
phpinfo.php exposure — complete server stack disclosure (102 KB)
Full analysis: Annex 07 — Server Disclosure
AIOU — Allama Iqbal Open University
| Field | Value |
|---|---|
| Server | Apache/2.4.41 (Ubuntu) |
| CMS | Drupal |
| Login | /user/login exposed |
| APIs probed | /api/, /api/v1/, /api/v2/, /graphql |
UOS — University of Sargodha
| Field | Value |
|---|---|
| Server | Cloudflare + PleskLin backend |
| PHP | 8.2.30 (disclosed in response headers) |
| Framework | Laravel (identified from Blade-template 404 page) |
| Login | /login — 5.3 KB real login page |
| Found directories | /downloads/ (236 KB), /directory/ (199 KB) |
University Security Posture Comparison
| University | WAF | CMS | API Exposed | Admin Access | Webmail | Data Extracted |
|---|---|---|---|---|---|---|
| QAU | NONE | WordPress | FULL | YES | YES (Roundcube) | 6.6 MB |
| PU | NONE | Custom PHP | N/A | YES | YES | 8.3 MB |
| LUMS | NONE | Drupal | No | No | No | 102 KB (phpinfo!) |
| AIOU | NONE | Drupal | Probed | No | No | Minimal |
| UOS | Cloudflare | Laravel | Blocked | No | No | Minimal |
| NUST | Cloudflare | — | Blocked | Blocked | Blocked | None |
| COMSATS | Cloudflare | — | Blocked | Blocked | Blocked | None |