Bug Bytes #196 – Prompt Injection, Self Healing Code, Access Control and Hacker Motivation
By travisintigriti
April 19, 2023
Last updated on March 6, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from April 10th to April 16th
Intigriti News
From my notebook
Another week another AI/LLM themed issue but as we move past the initial hype stage we’re starting to see the cracks of LLMs particularly with the news that OpenAI started a bug bounty program, leading to some familiar faces already hitting the top 10 hackers on the program!
On self-healing code and the obvious issue – Gynvael shares some thoughts on asking code to fix their own bugs
Attacking LLM – Prompt Injection – LiveOverflow talks “prompt injection”
ReconAIzer: A powerful extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process. – A new Burp addon hopes to leverage GPT for recon tasks
Using AI to Develop Realistic Sock Puppet Accounts – Another use of AI in security
Google Tells AI Agents to Behave Like ‘Believable Humans’ to Create ‘Artificial Society’ – Finally do androids dream of electric sheep?
Other Amazing Things
TryHackMe – Attacktive Directory (Medium) – Live Walkthrough
WAF bypass and vulnerability chain exploiting parser differentials | Waffle-y Order @ HackTheBox
EP116 SBOMs: A Step Towards a More Secure Software Supply Chain
Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff
Struggle with mental health? Work in cyber? You’re not alone.
Just listen to how well @stokfredrik manages to capture the essence of how cool bug bounties are.
Unravelling the Secrets of Reverse Engineering: Practical Applications for In-Depth Analysis
Mastering Server-side Request Forgery (SSRF): Exploitation Techniques and Practical Labs
Advanced Web Application Security: Exploiting SSTI Vulnerabilities
The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
How exploitable sensitive information in API is able to destruct business in disruption era / How exploitable sensitive information in API is able to destruct business in disruption era
Bugbounty Write-up: IDOR Vulnerability in User Deletion Process
From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control
CVE-2023–29218:Twitter Recommendation Algorithm Vulnerability
How I found a Confluence Cloud misconfiguration affecting hundreds of companies: My first writeup!
Fuzzing Made Easy: How to Use wfuzz for Efficient Web Application Testing?
debugHunter – Discover Hidden Debugging Parameters And Uncover Web Application Secrets
Scoper: Burp Suite extension that allows users to easily add web addresses to the Burp Suite scope.
Puredns: Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering
You may also like
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul