Skip to content

Releases: payatu/BugBazaar

v1.2.1

14 Aug 10:14
@banditVedant banditVedant
v1.2.1
fef6a89
Compare
Choose a tag to compare
v1.2.1 Latest
Latest

What's Changed?

  1. Fixed minor bugs in the MyProfile module.
  2. Fixed broken features in multiple modules.
  3. Fine-tuned code in multiple vulnerable components.
Assets 3
Loading

v1.2

30 Apr 07:02
@banditVedant banditVedant
v1.2
464b7b5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2

What's Changed?

New Vulnerabilities Added:

1. Fragment Injection

  • Added visible fragment into Refer-us activity.
  • Added hidden fragment for exploitation.

2. SQLi via exported content provider

  • Removed direct SQL queries which were fetching addresses from database.
  • Implemented a new content provider named AddressContentProvider which now fetches addresses from database.
  • This content provider is exported and extra data can be supplied via intent.

3. Unauthorized data Insertion via Insecure Content Provider

  • Implemented AddressContentProvider to write the user supplied data into database via content provider query.
  • Set this content provider as exported and allow data insertation via intent extra data.

Bugs Fixed:

  1. Deeplink not working
  2. Fixed the broken Deeplink feature.
  3. Restructured elements in manifest file and improved logic in java code for multiple components

Full Changelog: android...v1.2

Assets 3
Loading

v1.1

14 Dec 05:58
@banditVedant banditVedant
android
de20579
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1

BugBazaar Android Application version 1.1

  • Fixed "Application crashing on Android 33+ issue"
Assets 3
Loading