Bug Bytes #216 – SQL injections, Android XSS and Writing Quality Reports

By travisintigriti

November 2, 2023

Last updated on April 4, 2025

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from October 23rd to October 29th

Intigriti News

From my notebook

  1. Automating Boolean SQL Injection and Evading Filters

  2. Execution of Arbitrary JavaScript in Android Application

  3. Cisco IOS XE CVE-2023-20198 and CVE-2023-20273: WebUI Internals, Patch Diffs, and Theory Crafting

  4. Best Practices for Writing Quality Vulnerability Reports

  5. How I Hacked 1000 + Tesla Cars using OSINT

Join 125,000+ Security Researchers Getting Monthly Bug Bounty Tips & Insights!

You may also like

Welcome to the latest edition of Bug Bytes! In this month's issue, we are featuring: A 10-year-old pre-auth RCE in phpBB Earning $500K hacking Google with AI Reading any Salesforce Marketing Cloud account's emails New DOMPurify sanitizer bypass Mapping abandoned S3 buckets to redo SolarWinds at

Read more

Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Earning $148K via RCE in Google Cloud How public Google API keys became Gemini credentials Our first official Burp Suite extension Two new bypasses for Chrome's Sanitizer API One-click account takeover from a

Read more

Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring:   Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive

Read more