Bug Bytes #195 – LastPass discovery, learning to code, and a complete guide to SSRF
By travisintigriti
March 8, 2023
Last updated on March 6, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from February 27th to March 5th
Intigriti News
From my notebook
LastPass says employee’s home computer was hacked and corporate vault taken
Web Cache Poisoning” which I utilized to deface/disable the target web application in the realtime
Other Amazing Things
Carving Exfiltrated Network Data from a Hack (Python & Scapy)
Announcing HTB Seasons | Open Beta – Hackers Wrath (Ippsec’s Thoughts on the New Hack The Box Seasons)
Using GitHub to Look at Source for a CVE [HackTheBox – Forgot]
191 – Param Pollution in Golang, OpenEMR, and CRLF Injection
Risky Biz News: White House unveils National Cybersecurity Strategy
Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug
Directory Traversal, File Include, File Upload — Web For Pentester 1
Bypass SSL Pinning on Flutter iOS App Using Frida and OpenVPN
Exploring Web3 Security: A Step-by-Step Guide to Creating Proof of Concepts for Previous Findings
Intro to Cloud Security | Tryhackme Writeup/Walkthrough | By Md Amiruddin
The Wild World of Website Tech: HTTP Requests, TCP Connections, and Bug Bounties — Oh My!
Exploring iOS Applications with Frida and Objection: Basic Commands for Pentesting
IDOR Vulnerability at /myaccount/myorders/getShipmentAndItemData lets attacker view other user’s…
What is the Open Redirect vulnerability, find it, and protect against it
My Report on How I avoid That XSS out of Scope when I discovered XSS and How can I convert it to…
30-Minute Heist: How I Bagged a $1500 Bounty in Just few Minutes!
How I was able to access 2 million user’s data in the web3 domain( Another critical bug in crypto
How I Earned $$$ for Excessive Data Exposure Through Directory Traversal Leads to Product Price
My Journey Finding HTML Injection Vulnerability in a popular British Accountancy platform
How an IDOR Can Wreak Havoc: Breaking through the front door!
Attacker Can Takeover Any Account Because of Misconfiguration of Invite Members (Bug-Bounty)
SSRF That Allowed Us to Access Whole Infra Web Services and Many More
How I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability?
My First Un-Expected $$$$ Digit Bounty for an Un-Expected Vulnerability
You may also like
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul