Security Advisory
Edahabonline Money Transfer Bank & Mobile Money Wallet: Critical SQL Injection & More Security Issues

Vulnerability Timeline
06-September-2018: First contact
14-September-2018: Second contact, no response
21-September-2018: Third contact, no response
24-September-2018: Full disclosure

Title: Edahabonline Money Transfer Bank & Mobile Money Wallet: Critical SQL Injection & More Security Issues
Vendor: Edahabonline
Author: Juan Carlos García @secnight
Web: HabemusCurso.blogspot.com @habemuscurso
Brief Description
The latest of Somtel's fleet of services is a modern electronic service, e-Dahab ("Electronic Dahabshiil"), a mobile money wallet service that allows you to pay for almost anything through your phone with ease instead of paying with cash, cheque or credit card.
With the option of linking your Dahabshiil bank account to e-Dahab, you can deposit or withdraw money without having to set foot in the bank.
This service helps you transfer money to family and friends anywhere, whether locally or overseas.
Among other features of the e-Dahab service is mobile top-up, which deducts the recharged amount from your e-Dahab main balance.
Services
Pay Roll Service
Customer registration and Support
Cash In via agent
Cash In via Remittance (Receiving Remittance directly in your Mobile)
Cash In via Dahabshiil money transfer bank account
Cash Out via any designated mobile payment agent
Cash Out via Remittance (Sending Money abroad anywhere from your Mobile)
Balance Check
PIN management
Transactions history Check
Check Bank account balance
Mobile payment at Merchant (Paying your Shopping at any merchant)
Payments using bank account
Airtime top-up from mobile wallet
Internet top-up from mobile wallet
Domestic Peer to Peer transfer (P2P)
Mini statement up to 10 transactions
Transfer between a bank account and Wallet
Critical SQL Injection
1. Exploiting the Bug
An attacker only needs to visit the following web page:
http://edahabonline.com/AdminControl.aspx
As you can see, a user name and password are required.
You only need to enter the following input:
User: 1' or '1'='1
Pass: 1' or '1'='1
Now you are administrator.
From here, what you have to do is use the options that exist on the page.
You can create an administrator or you can create a user.
Do not delete the current users, as the administrator would notice immediately.
Once an administrator is created, add, save and update the information from the options available on the web page.
Create a user too if you wish; no problem.
What would be the next step for an attacker?
Close the website and let the magic of "NMAP" begin.
From here you already have to know how to do the rest of the hacking process, since the most difficult part is already done... Now it is a "reverse exploitation".
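As an added example (not code from the advisory, and not the Edahabonline server code, which is not public), the following Python/sqlite3 snippet shows why the tautology above bypasses a login check built by string concatenation and why the same input has no effect on a parameterized query; the admins table and its credentials are constructed sample data.

```python
import sqlite3

# Constructed sample data: one administrator row, not real credentials.
SAMPLE_ADMIN = ("admin", "correct-horse-battery")

# The input from the advisory, entered in both the user and password fields.
TAUTOLOGY = "1' or '1'='1"


def make_db():
    """In-memory database with a single constructed admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES (?, ?)", SAMPLE_ADMIN)
    conn.commit()
    return conn


def build_vulnerable_sql(user, pw):
    """String concatenation: quotes in the input become part of the SQL."""
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + user +
            "' AND password = '" + pw + "'")


def login_vulnerable(conn, user, pw):
    """Login check the way a concatenating login page evaluates it.

    With TAUTOLOGY in both fields the query becomes
      ... WHERE username = '1' or '1'='1' AND password = '1' or '1'='1'
    and the trailing OR '1'='1' makes every row match.
    """
    return conn.execute(build_vulnerable_sql(user, pw)).fetchone()[0] > 0


def login_parameterized(conn, user, pw):
    """Hardened form: bound parameters, so the input is only ever data."""
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return conn.execute(sql, (user, pw)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql(TAUTOLOGY, TAUTOLOGY))
    print("vulnerable login with tautology:", login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))
    print("parameterized login with tautology:", login_parameterized(db, TAUTOLOGY, TAUTOLOGY))
```

The same contrast applies to ADO.NET on an ASP.NET page: SqlCommand with SqlParameter bindings (or an ORM that uses them) removes the bypass, while string-built queries reproduce it.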
Responsibility:
The author does not have any responsibility for this security advisory disclosure.