Bug Bytes #216 – SQL injections, Android XSS and Writing Quality Reports
By travisintigriti
November 2, 2023
Last updated on April 4, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from October 23rd to October 29th
Intigriti News
From my notebook
HackTheBox – Gofer & Binary Analysis of notes [HackTheBox Gofer]
Thousands of remote IT workers discovered to be North Korean Spies
Let’s Hack Together! Follow Along Livestream w/ Gerald Auger, PhD
@Shenetworks: Leveraging Content Creation to Build a Career in Cybersecurity
They Hired Him to Snoop a Target, but Something Felt Very Wrong🎙Darknet Diaries Ep. 99: The Spy
Cloud Security Tools from Cloud Pentest Lab | DeRF |Stratus Red Team
EP149 Cloud Security: Shared Responsibility, Shared Fate, Shared Faith?
Cyber sloppiness, and why does Google really want to hide your IP address?
Risky Business #726 — Okta owned while Cisco takes a massive L
220 – Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY
Beginner
Simple Tips for Bug Bounty Beginners: Finding Open Redirect Bugs
Looking for Broken Access Control Vulnerabilities in websites
Mastering SQL Injection on DVWA Low Security with Burp Suite: A Comprehensive Guide — StackZero
A Guide to LFI Discovery: Uncover Vulnerabilities and Enhance Web Security | Bug bounty
Intermediate
Advanced
Security Research
Bugs
XSS on the Oauth callback URL with CSP bypass leading to zero-click account takeover
Beyond Error Messages: Super Admin Deletion due to Broken Access Control (€€€)
One Bug at a Time: Patent Pirating using IDOR | RE’ing US Patent and Trademark Office for fun
Securing Data: How I Quickly Accessed 3000 Student Records in under 5 Minutes
CTF challenges
Hakky54/certificate-ripper: 🔐 A CLI tool to extract server certificates
Arsenal – Just A Quick Inventory And Launcher For Hacking Programs
PostLeaks Tool that searches for sensitive data in public Postman API assets
You may also like
June 26, 2026
Intigriti Bug Bytes #237 - June 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we are featuring: A 10-year-old pre-auth RCE in phpBB Earning $500K hacking Google with AI Reading any Salesforce Marketing Cloud account's emails New DOMPurify sanitizer bypass Mapping abandoned S3 buckets to redo SolarWinds at
May 30, 2026
Intigriti Bug Bytes #236 - May 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Earning $148K via RCE in Google Cloud How public Google API keys became Gemini credentials Our first official Burp Suite extension Two new bypasses for Chrome's Sanitizer API One-click account takeover from a
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive