First of all, I would like to tell you that I am a security enthusiast. I don’t do stuff for the sake of bounty and goodies; I do research and pentesting as it is my passion. This is not for any show-off, this is what I feel, your perspective may vary. – Eklavyaa
Digital Wallet Scam of 21st Century (Well known for Security Century)
#1 Mobikwik
This is the worst company anyone would, could and should come across. I reported a severe misconfiguration which let any attacker download their private SSL key, enabling him to perform various possible attacks. I returned them their SSL keys and configuration files, but they didn’t patch their shit, so I enjoyed a lot, for the period of 7 months lol. Yes, you are right: system configuration files, all that in text format. And more to add to amazement, they couldn’t even protect their administrator panel. I can’t explain this thing in detail. Screenshots attached, and SSL keys can be downloaded from the below link.
#2 PayTm
PayTm company was vulnerable to almost everything you could imagine. I reported numerous bugs on this giant eCommerce shit, ranging from authentication bypass to XSS to payment gateway security loopholes, and all they do is, yeah we are PCI secure, LOLZ. All thanks to SBI which recently announced that they ban all digital wallets, just because many people have been affected by phishing scams and security loopholes where companies have. Researchers don’t report the flaws which they find interesting; we call them 0 (Zero Days), and we keep them for our use.
#3 Myntra
Nothing much to say about this, this cartoon dress provider, they had SQLi injection at their website, many of the security researchers already dumped their whole database, and amazingly Myntra is running digital wallets. And what not.
#4 ShopClues
What to say about ShopClues? Guys, at least hide your admin panel somewhere. It is fun playing with it.

Wrap Up: So these are all serious issues found on various digital mobile wallet websites. And we are storing thousands of money on such weak security based wallets. We only want these companies to make their wallets secure so that anyone can store their payment safely.

Also, iTech hacks wants to say special thanks to Eklavyaa Singh Tomar for his excellent research.