Bug Bytes #184 – Advent of Cyber, NahamCon EU, IWCON2022 and ChatGPT
By travisintigriti
December 7, 2022
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from November 28th until December 4th.
Intigriti News
Vulnerable code snippet and the solution and finally the code
Intigriti’s head of hackers @securinti will be speaking at #IWCON2022
The November XSS Challenge has ended! Check out the write-ups by our community!
From my notebook
It’s December, which at least here in the UK means kids (and adults) will be opening up a calendar for each day in the run-up to Christmas and the new year. As such, there’s a whole bunch of events running in December, so it’s worth shouting them all out.
Who Will You Learn From at IWCON2022? (3 Free Videos to Turbocharge Your Infosec Journey)
More car hacking on Honda, Nissan, Infiniti, and Acura vehicles
Other Amazing Things
Episode 351 – Is security or usability a law of the universe?
171 – Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage
SN 899: Freebie Bots & Evil Cameras – iSpoofer no more, Boa server vulnerability, CISA on Mastodon
Write-up: Basic server-side template injection (code context) @ PortSwigger Academy
What is unrestricted file upload vulnerability? And How to exploit it on DVWA!
P1 Bug Hunting — Remote and Local File Inclusion Vulnerabilities
Write-up: Source code disclosure via backup files @ PortSwigger Academy
pentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthrough
Automating Recon: The Tools and Techniques Used by Today’s Hackers
2FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation
Access Any Owner Account without Authentication (Auth bypass + 2FA bypass)
How I DIDN’T get an RCE in a $200 Billion company — Bug Bounty
Broken access control + misconfiguration = Beautiful privilege escalation
[WRITE-UP] Irremovable comments on the FB Lite app | A story of a simple FB Lite bug that I found…
A $$$ worth of cookies! | Reflected DOM-Based XSS | Bug Bounty POC
Issue 210: CSRF vulnerability in F5, supply chain attacks, hacking APIs, GCP API security report
40 Tips and Tricks to Improve your Bug Bounties as a beginner
Discovered Passwordresx.aspx and paste payload (‘ waitfor delay’0:0:20’–)