Eklavyaa Singh Tomar has found many bugs on the websites and apps of various mobile wallets. “There are lots of simple and easily vulnerable bugs on PayTm; any hacker can exploit them,” said Eklavyaa.
So let’s move on to the bugs and security flaws on various traditional Indian mobile wallet websites and apps.
Remember: all of these bugs and security flaws were found by Eklavyaa; iTech Hacks won’t take any responsibility for any future issues.
First of all, I would like to tell you that I am a security enthusiast. I don’t do stuff for the sake of bounty and goodies; I do research and pentesting as it is my passion. This is not for any show-off; this is what I feel, and your perspective may vary. – Eklavyaa
Digital Wallet Scam of 21st Century (Well known for Security Century)
We are writing this post to help people understand how secure the digital wallet services we use really are; we will explain the loopholes that Eklavyaa has encountered.
This is the worst company anyone would, could and should come across; I reported severe misconfiguration which let any attacker download their private SSL key, enabling him to perform various possible attacks.
I returned them their SSL keys and configuration files, but they didn’t patch their shit, so I enjoyed a lot, for the period of 7 months lol, yes you are right system configuration files, all that in text format. And more to add to amazement, they couldn’t even protect their administrator panel, I can’t explain this thing in detail.
Screenshots are attached, and the SSL keys can be downloaded from the link below.
PayTm company was vulnerable to almost everything you could imagine, I reported numerous bugs on this giant eCommerce shit, ranging from authentication bypass to XSS to payment gateway security loopholes, and all they do is, yeah we are PCI secure, LOLZ.
All thanks to SBI which recently announced that they ban all digital wallets, just because many people have been affected by phishing scams and security loopholes where companies have. Researchers don’t report the flaws which they find interesting; we call them 0 (Zero Days), and we keep them for our use.
Nothing much to say about this, this cartoon dress provider, they had SQLi injection at their website, many of the security researchers already dumped their whole database, and amazingly Myntra is running digital wallets. And what not.
What to say about ShopClues, Guys at least hide your admin panel somewhere. It is fun playing with it.
Wrap up: these are all serious issues found on various digital mobile wallet websites, and we are storing thousands in wallets with such weak security. All we want from these companies is that they make their wallets secure so that anyone can store their payments safely. Also, iTech Hacks wants to give special thanks to Eklavyaa Singh Tomar for his excellent research.