Merge branch 'master' into banditamit

README.md

@@ -36,71 +36,75 @@ What's more exciting? Stay in sync with the evolving landscape! BugBazaar regula
 ## ⚠️Vulnerabilities
 
 ### WEBVIEW
+- Opening arbitrary URLs in the webview
 - XSS
 - OPEN REDIRECTION
-- Stealing User token Via javascript Interface
+- Account Takeover via Stealing Session ID (Host validation bypass)
+- Stealing User token Via JavaScriptInterface class
 - Access of Arbitrary files via insecure Flags
-- Stealing of Arbitrary files via Insecure `WebResourceResponse`
-- Account Takeover via Steal Session id
+    - Note: Only exploitable until API level 28
+- Stealing of Arbitrary files via Insecure `WebResourceResponse`
 
 ### INTENT
 - Intent interception
 - Account takeover via intent Spoofing
 - Steal User's Contact via Insecure Pending Intent
 - RCE through insecure Dynamic Code Loading
-###  Deep Link
-
-   - CSRF
-   - Deep link hijacking
-   - Content Spoofing
-   - One Click Account Takeover
+
+###  Deep Link  
+   - CSRF to add the product to cart
+   - Deep link hijacking to load URLs in webview
+   - Content Spoofing on Offers activity
 
 ### IPC COMPONENTS
-
 -  Exported Components
 -  Steal User's Contact via typo permission in Content Provider
--  Arbitrary data write to Content provider
--  Access to Protected Components via Recevier
+-  Insecure broadcast receiver
+-  Access to Protected Components via broadcast Receiver
+-  Insecure services
+-  Fragment injection in Refer-Us
 
 ### Injections
+ - SQL Injection via user input in My order
+ - Content Provider SQL Injection in Address
+ - Data insertion via insecure Content Provider in Address
 
- - SQL Injection via user input
-
+### Unintended Data Leakage
+- Copy/Paste buffer Caching
+- Application backgrounding
+- Insecure Logging (logging user creds
 
+### Insecure Storage
+- Unencrypted database
+- Man in the Disk Attack
+- Storing sensitive info in SharedPref
+- Hardcoded secrets
 
 ### OTHERS
-
 - Improper Input Validation
-- Insecure Logging
-- Insecure Storage
 - Unrestricted file upload
-- Firebase Misconfiguration
+- Misconfigured firebase's firestore
 - Passcode Bypass
-- Copy paster Buffer
 - Tapjacking
-- hardcoded secrets
 - Improper exception Handling
-- Debuggable
+- Debuggable application
 - Backup enabled
 - Task Hijacking
-- Man in the Disk Attack
-
+- Improper cache handling
 
+### Runtime exploitation
+- Runtime code modification
+- Login pin bypass via Frida/Objection
 
 ### APP Protection
-
--  EASY LEVEL
+-  EASY LEVEL:
     -  RootBear Library
--  MEDIUM LEVEL
-
+-  MEDIUM LEVEL:
      -  Magisk detect
      -  Emulator Check
-     -  FRIDA DETECTION
-
-
--  ADVANCE LEVEL - !!! IN PROGRESS WILL UPDATE IN NEXT RELEASE
+     -  FRIDA DETECTION    
+-  ADVANCE LEVEL - ⚠️IN PROGRESS WILL UPDATE IN UPCOMING Release⚠️
 
-// MANY MORE BUGS !!! COMING SOON 😎
 
 ## Core Team
 |   |   |   |   |   |

app/build.gradle

@@ -6,7 +6,9 @@ plugins {
 android {
     namespace 'com.BugBazaar'
     compileSdk 34
-
+    lintOptions {
+        checkReleaseBuilds false
+    }
     sourceSets {
         main {
             jniLibs.srcDirs = ['src/main/jniLibs']
@@ -72,6 +74,7 @@ dependencies {
     implementation 'com.google.firebase:firebase-inappmessaging-display:20.2.0'
     implementation 'com.google.firebase:firebase-messaging:23.1.0'
     implementation 'androidx.databinding:viewbinding:7.1.2'
+    implementation 'androidx.activity:activity:1.8.0'
     releaseImplementation 'androidx.appcompat:appcompat:1.6.1'
     implementation 'com.google.android.material:material:1.9.0'
     implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
@@ -90,5 +93,6 @@ dependencies {
     implementation 'com.scottyab:rootbeer-lib:0.1.0'
     implementation 'org.greenrobot:eventbus:3.2.0'
     implementation 'androidx.work:work-runtime:2.9.0'
+    implementation 'com.squareup.picasso:picasso:2.71828'
 
 }

app/release/BugBazaar_v1.1.apk.cache/code-version

@@ -0,0 +1 @@
+13:1.4.7:cc60397faac154890c9f2f4683bb70b6:29d6be3cab4d7bd22d0b0daa010a3ffd