Bug Bytes #196 – Prompt Injection, Self Healing Code, Access Control and Hacker Motivation
By travisintigriti
April 19, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from April 10th to April 16th
Intigriti News
From my notebook
Another week, another AI/LLM-themed issue, but as we move past the initial hype stage we’re starting to see the cracks in LLMs, particularly with the news that OpenAI started a bug bounty program, leading to some familiar faces already hitting the top 10 hackers on the program!
On self-healing code and the obvious issue – Gynvael shares some thoughts on asking code to fix its own bugs
Attacking LLM – Prompt Injection – LiveOverflow talks “prompt injection”
ReconAIzer: A powerful extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process. – A new Burp addon hopes to leverage GPT for recon tasks
Using AI to Develop Realistic Sock Puppet Accounts – Another use of AI in security
Google Tells AI Agents to Behave Like ‘Believable Humans’ to Create ‘Artificial Society’ – Finally, do androids dream of electric sheep?
Other Amazing Things
TryHackMe – Attacktive Directory (Medium) – Live Walkthrough
WAF bypass and vulnerability chain exploiting parser differentials | Waffle-y Order @ HackTheBox
EP116 SBOMs: A Step Towards a More Secure Software Supply Chain
Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff
Struggle with mental health? Work in cyber? You’re not alone.
Just listen to how well @stokfredrik manages to capture the essence of how cool bug bounties are.
Unravelling the Secrets of Reverse Engineering: Practical Applications for In-Depth Analysis
Mastering Server-side Request Forgery (SSRF): Exploitation Techniques and Practical Labs
Advanced Web Application Security: Exploiting SSTI Vulnerabilities
The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
How exploitable sensitive information in API is able to destruct business in disruption era
Bugbounty Write-up: IDOR Vulnerability in User Deletion Process
From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control
CVE-2023-29218: Twitter Recommendation Algorithm Vulnerability
How I found a Confluence Cloud misconfiguration affecting hundreds of companies: My first writeup!
Fuzzing Made Easy: How to Use wfuzz for Efficient Web Application Testing?
debugHunter – Discover Hidden Debugging Parameters And Uncover Web Application Secrets
Scoper: Burp Suite extension that allows users to easily add web addresses to the Burp Suite scope.
Puredns: Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering