Bug Bytes #196 – Prompt Injection, Self Healing Code, Access Control and Hacker Motivation
By travisintigriti
April 19, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from April 10th to April 16th.
Intigriti News
From my notebook
Another week, another AI/LLM-themed issue, but as we move past the initial hype stage we’re starting to see the cracks in LLMs, particularly with the news that OpenAI started a bug bounty program, leading to some familiar faces already hitting the top 10 hackers on the program!
On self-healing code and the obvious issue – Gynvael shares some thoughts on asking code to fix its own bugs
Attacking LLM – Prompt Injection – LiveOverflow talks “prompt injection”
ReconAIzer: A powerful extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process. – A new Burp addon hopes to leverage GPT for recon tasks
Using AI to Develop Realistic Sock Puppet Accounts – Another use of AI in security
Google Tells AI Agents to Behave Like ‘Believable Humans’ to Create ‘Artificial Society’ – Finally, do androids dream of electric sheep?
Other Amazing Things
TryHackMe – Attacktive Directory (Medium) – Live Walkthrough
WAF bypass and vulnerability chain exploiting parser differentials | Waffle-y Order @ HackTheBox
EP116 SBOMs: A Step Towards a More Secure Software Supply Chain
Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff
Struggle with mental health? Work in cyber? You’re not alone.
Just listen to how well @stokfredrik manages to capture the essence of how cool bug bounties are.
Unravelling the Secrets of Reverse Engineering: Practical Applications for In-Depth Analysis
Mastering Server-side Request Forgery (SSRF): Exploitation Techniques and Practical Labs
Advanced Web Application Security: Exploiting SSTI Vulnerabilities
The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
How exploitable sensitive information in API is able to destruct business in disruption era
Bugbounty Write-up: IDOR Vulnerability in User Deletion Process
From Django Debug Mode to PII Data Leak of more than 500+ Employees due to Broken Access Control
CVE-2023-29218: Twitter Recommendation Algorithm Vulnerability
How I found a Confluence Cloud misconfiguration affecting hundreds of companies: My first writeup!
Fuzzing Made Easy: How to Use wfuzz for Efficient Web Application Testing?
debugHunter – Discover Hidden Debugging Parameters And Uncover Web Application Secrets
Scoper: Burp Suite extension that allows users to easily add web addresses to the Burp Suite scope.
Puredns: Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering