Bug Bytes #212 – XSS Payloads, IDOR prediction and Cloud Security
By travisintigriti
September 27, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from September 18th to September 24th
Intigriti News
From my notebook
How is cloud pentesting different to config review? (shorts)
Michael Taggart’s Journey in Education and Information Security
GCP Service Account explained! (shorts)
Authentication Vulnerabilities – Lab #10 Offline password cracking | Short Version
How to Stop an Army of 14 Million Zombie Computers🎙Darknet Diaries Ep. 94: Mariposa Botnet
Cloud Pentesting: AWS vs GCP (shorts)
Directory Traversal / File Read Into Zip with Python [HackTheBox Snoopy]
How “Mimikatz” works (shorts)
Tesla insiders leaked tons of data! #shorts #cybersecurity #infosec (shorts)
UK changing laws to stop security patches to software to make spying easier! #cybersecurity #privacy(shorts)
Start doing cloud pentesting in GCP? (shorts)
Do not forget about this attack scenario #bugbounty #bugbountytips #bugbountyhunter (shorts)
Beginner
Intermediate
Advanced
Security Research
Exploit Analysis: Request-Baskets v1.2.1 Server-side Request Forgery (SSRF)
CVE-2023–39612: CSP bypasss + XSS to achieve Admin Account Takeover + Remote Command Execution
Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
The indomitable maintainer spirit versus the indifferent cruelty of JavaScript
Wind River VxWorks tarExtract directory traversal vulnerability
Bugs
Reverse Search IDOR approach to Exposure of all Organizational Sensitive Information.
Discovering 7 Open Redirect Bypasses and 3 XSS Bypasses Within a Single Program
Cross-site Scripting (XSS) On Small Crm Portal CVE-2023–43331
How I Earned My Place Among Ferrari’s Elite-16 in the Hall of Fame
Uncovering a Critical Vulnerability in Samsung Mobile Security: A Bug Bounty Journey
My debut with a Critical Bug: How I found my first bug (API misconfiguration)
My $1000 Bounty Bug: How I Stopped Companies from Losing Money with an IDOR Flaw
Discovering PII with Google Dorking: My Journey of Finding Vulnerabilities in Government Website
Unlocking Premium CV Features: My Journey to Downloading CVs for Free
How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab
One click Account Takeover & IDOR leaks all user information
API Information Disclosure Leading to Admin Account Takeover
Privilege Escalation: How I Earned $500 by Discovering the Ability to Delete Documents as a Student
Bypassing ML based phishing and spam detection using evasion
CTF challenges
Haylxon: Take screenshots of urls/websites from terminal new release 🦊
Automating Reconnaissance with Sling Shot R3con — powered by project Discovery tools
HTMLSmuggler – HTML Smuggling Generator And Obfuscator For Your Red Team Operations
SMShell – Send Commands And Receive Responses Over SMS From Mobile Broadband Capable Computers
Surf – Escalate Your SSRF Vulnerabilities On Modern Cloud Environments
You may also like
November 21, 2025
Intigriti Bug Bytes #230 - November 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Finding an RCE using AI in GitHub CORS exploitation cheat sheet Scanning codebases with AI Bypassing paywalls SSTIs in AI models And so much more! Let’s dive in! We are thrilled to announce that Inti
October 31, 2025
Intigriti Bug Bytes #229 - October 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Cool trick to find disclosed secrets in internal web extensions A repository full of WAF bypasses Hacking Intercom misconfigurations Wayback Machine for hackers And so much more! Let’s dive in! October’s
September 12, 2025
Intigriti Bug Bytes #228 - September 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: A common (yet unknown) SSRF attack vector in Next.js Middleware Exploiting PDF processors by generating and uploading malicious PDF payload files A full reconnaissance breakdown on how to approach any target