Bug Bytes #196 – Prompt Injection, Self Healing Code, Access Control and Hacker Motivation
By travisintigriti
April 19, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from April 10th to April 16th
Intigriti News
From my notebook
Another week, another AI/LLM-themed issue, but as we move past the initial hype stage we’re starting to see the cracks in LLMs, particularly with the news that OpenAI started a bug bounty program, leading to some familiar faces already hitting the top 10 hackers on the program!
On self-healing code and the obvious issue – Gynvael shares some thoughts on asking code to fix its own bugs
Attacking LLM – Prompt Injection – LiveOverflow talks “prompt injection”
ReconAIzer: A powerful extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process. – A new Burp addon hopes to leverage GPT for recon tasks
Using AI to Develop Realistic Sock Puppet Accounts – Another use of AI in security
Google Tells AI Agents to Behave Like ‘Believable Humans’ to Create ‘Artificial Society’ – Finally, do androids dream of electric sheep?
Other Amazing Things
TryHackMe – Attacktive Directory (Medium) – Live Walkthrough
WAF bypass and vulnerability chain exploiting parser differentials | Waffle-y Order @ HackTheBox
EP116 SBOMs: A Step Towards a More Secure Software Supply Chain
Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff
Struggle with mental health? Work in cyber? You’re not alone.
Just listen to how well @stokfredrik manages to capture the essence of how cool bug bounties are.
Unravelling the Secrets of Reverse Engineering: Practical Applications for In-Depth Analysis
Mastering Server-side Request Forgery (SSRF): Exploitation Techniques and Practical Labs
Advanced Web Application Security: Exploiting SSTI Vulnerabilities
The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
How exploitable sensitive information in API is able to destruct business in disruption era
Bugbounty Write-up: IDOR Vulnerability in User Deletion Process
From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control
CVE-2023-29218: Twitter Recommendation Algorithm Vulnerability
How I found a Confluence Cloud misconfiguration affecting hundreds of companies: My first writeup!
Fuzzing Made Easy: How to Use wfuzz for Efficient Web Application Testing?
debugHunter – Discover Hidden Debugging Parameters And Uncover Web Application Secrets
Scoper: Burp Suite extension that allows users to easily add web addresses to the Burp Suite scope.
Puredns: Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering