Bug Bytes #209 – The only graphQL wordlist you need, ML bug hunting and VDP submissions
By travisintigriti
August 23, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from August 14th – August 20th.
Intigriti News
From my notebook
graphql-wordlist – The only graphql wordlists you’ll ever need.
Google Online Security Blog: AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
DEFCON 31
Risky Biz News: PowerShell’s official package repo is a supply chain mess
NO. 394 — Vegas Recap, CISA MS Alert, China/US AI Fight, Deceased Kid AI, Following vs. Leading
EP134 How to Prioritize UX and Security in the Cloud: UX as a Security Capability
Beginner
Intermediate
Advanced
Security Research
SQL injection in Apache Airflow MySQL provider (CVE-2023-22884) — PoC + exploit
Podman API service listening on TCP can be used from websites
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
Third-Party GitHub Actions: Effects of an Opt-Out Permission Model
A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition
Creating Fully Undetectable JavaScript Payloads to Evade Next-Generation Firewalls
NetModule Router Software Race Condition Leads to Remote Code Execution – Pentest Blog
A phishing attempt on Steam that became a Qrljacking research
emptynebuli/StealthBunny: Gadget IoC removal from HAK5’s BashBunny
Bugs
CTF challenges
Xsubfind3R – A CLI Utility To Find Domain’S Known Subdomains From Curated Passive Online Sources
HackBot – A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI
Redeye – A Tool Intended To Help You Manage Your Data During A Pentest Operation
InfoHound – An OSINT To Extract A Large Amount Of Data Given A Web Domain Name