Bug Bytes #184 – Advent of Cyber, NahamCon EU, IWCON2022 and ChatGPT
By travisintigriti
December 7, 2022
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from November 28th until December 4th.
Intigriti News
Vulnerable code snippet and the solution and finally the code
Intigriti’s head of hackers @securinti will be speaking at #IWCON2022
The November XSS Challenge has ended! Check out the write-ups by our community!
From my notebook
It’s December, which at least here in the UK means kids (and adults) will be opening up a calendar for each day in the run-up to Christmas and the new year. As such, there’s a whole bunch of events running in December, so it’s worth shouting them all out.
Who Will You Learn From at IWCON2022? (3 Free Videos to Turbocharge Your Infosec Journey)
More car hacking on Honda, Nissan, Infiniti, and Acura vehicles
Other Amazing Things
Episode 351 – Is security or usability a law of the universe?
171 – Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage
SN 899: Freebie Bots & Evil Cameras – iSpoofer no more, Boa server vulnerability, CISA on Mastodon
Write-up: Basic server-side template injection (code context) @ PortSwigger Academy
What is unrestricted file upload vulnerability? And How to exploit it on DVWA!
P1 Bug Hunting — Remote and Local File Inclusion Vulnerabilities
Write-up: Source code disclosure via backup files @ PortSwigger Academy
pentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthrough
Automating Recon: The Tools and Techniques Used by Today’s Hackers
2FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation
Access Any Owner Account without Authentication (Auth bypass + 2FA bypass)
How I DIDN’T get an RCE in a $200 Billion company — Bug Bounty
Broken access control + misconfiguration = Beautiful privilege escalation
[WRITE-UP] Irremovable comments on the FB Lite app | A story of a simple FB Lite bug that I found…
A $$$ worth of cookies! | Reflected DOM-Based XSS | Bug Bounty POC
Issue 210: CSRF vulnerability in F5, supply chain attacks, hacking APIs, GCP API security report
40 Tips and Tricks to Improve your Bug Bounties as a beginner
Discovered Passwordresx.aspx and paste payload (‘ waitfor delay’0:0:20’–)