Bug Bytes #216 – SQL injections, Android XSS and Writing Quality Reports
By travisintigriti
November 2, 2023
Last updated on April 4, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from October 23rd to October 29th
Intigriti News
From my notebook
HackTheBox – Gofer & Binary Analysis of notes [HackTheBox Gofer]
Thousands of remote IT workers discovered to be North Korean Spies
Let’s Hack Together! Follow Along Livestream w/ Gerald Auger, PhD
@Shenetworks: Leveraging Content Creation to Build a Career in Cybersecurity
They Hired Him to Snoop a Target, but Something Felt Very Wrong🎙Darknet Diaries Ep. 99: The Spy
Cloud Security Tools from Cloud Pentest Lab | DeRF |Stratus Red Team
EP149 Cloud Security: Shared Responsibility, Shared Fate, Shared Faith?
Cyber sloppiness, and why does Google really want to hide your IP address?
Risky Business #726 — Okta owned while Cisco takes a massive L
220 – Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY
Beginner
Simple Tips for Bug Bounty Beginners: Finding Open Redirect Bugs
Looking for Broken Access Control Vulnerabilities in websites
Mastering SQL Injection on DVWA Low Security with Burp Suite: A Comprehensive Guide — StackZero
A Guide to LFI Discovery: Uncover Vulnerabilities and Enhance Web Security | Bug bounty
Intermediate
Advanced
Security Research
Bugs
XSS on the Oauth callback URL with CSP bypass leading to zero-click account takeover
Beyond Error Messages: Super Admin Deletion due to Broken Access Control (€€€)
One Bug at a Time: Patent Pirating using IDOR | RE’ing US Patent and Trademark Office for fun
Securing Data: How I Quickly Accessed 3000 Student Records in under 5 Minutes
CTF challenges
Hakky54/certificate-ripper: 🔐 A CLI tool to extract server certificates
Arsenal – Just A Quick Inventory And Launcher For Hacking Programs
PostLeaks Tool that searches for sensitive data in public Postman API assets
You may also like
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul