Bug Bytes #217 – how to submit vulnerabilities, writing a great writeup and 2 years of bug bounty
By travisintigriti
November 22, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from November 6th to November 19th.
Intigriti News
From my notebook
Dan Rearden | The Write-Ups & Downs To Making A Great Write-Up | Simply Cyber Con 23
Bug bounty: year 2 – 0days, a $20k bounty and… laziness – bounty vlog #5
Potential vulnerability in AI chatbots feat. @rez0 #bugbounty #bugbountytips #bugbountyhunter (shorts)
Watch out for API use theft when implementing AI chatbots feat. @rez0 #bugbounty #bugbountytips (shorts)
How to monetise a scalable 0day in bug bounty? #bugbounty #bugbountytips #bugbountyhunter (shorts)
$3,200 client-side DoS in PayPal #bugbounty #bugbountytips #bugbountyhunter (shorts)
What types of DoS bugs will get you a bounty? Case study of 138 DoS bug bounty reports
Another Cisco 0-day discovered #cybersecurity #cisco (shorts)
Bug Bounty Stories: HACKING REDBULL again! (Tomcat + Jolokia Walkthrough)
It Wasn’t Easy to Print $250 Million of Counterfeit Cash🎙Darknet Diaries Ep. 102: Money Maker
One Click, $9 Million In Student Debt Erased🎙Darknet Diaries Ep. 139: D3f4ult
Why Was Puerto Rico’s Lottery Leaking Millions of Dollars a Month? 💸 Darknet Diaries Ep 101: Lotería
Beginner
Intermediate
Advanced
Security Research
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)
Plundering Postman with Porch Pirate
CrushFTP – CVE-2023-43177 – Unauthenticated Root-Level RCE Chain
Accessing Azure Kubernetes Service as Guest and Cross-Tenant
Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures
Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3)
Post-exploiting a compromised etcd – Full control over the cluster and its nodes
Your printer is not your printer ! – Hacking Printers at Pwn2Own Part II
Bugs
Privilege Escalation: Unauthorized Low-Privilege Users Creating Feature Bundles
Default Credentials, P1 with $$$$ Reward in a Bug Bounty Program
OAuth Misconfiguration Leads To Pre-Account Takeover(snapchat)
$1000 Bounty: How I scaled a Self-Redirect to an XSS in a web 3.0 system at Hackenproof
How I got a $500 reward for finding an unacclaimed bucket on GitHub
Riding the Waves of API Versioning: Unmasking a Stored XSS Vulnerability, CSP Bypass Using YouTube…
How I hacked Google’s bug tracking system itself for $15,600 in bounties
Idor That allowed me to get access to sensitive users files and share them
1200$ IDOR Flaw: Allow Attacker To Approve Project Time Tracking
I created posts on the newsletter page dedicated to the program administrator
Subdomain takeover and Text injection on a 404 error page-$100 bounty
Unlocking Cash: Easy P1 Bug in Grafana Dashboard with Default Credentials = €€€€
Dutch T-Shirts for Dutch Hacks: A Tale of Four Vulnerabilities!!
Bypassing 2FA for Password Reset : By Request Manipulation 500$ Bug
Breaking Barriers: Unmasking the Easy Password Validation Bypass in Security Key Registration
$1800 Bounty: Exploiting Unpredictable Data that Leads to All Users PII Exposure in an IDOR
How I was able to find BAC on the University website leading to result dumping?
Cloudflare Bypass leads to RXSS[Reflected-Cross Site Scripting] in Microsoft
How I sent multiple payment requests on PhonePe, Paytm, and Google Pay
Discovering and Exploiting a XML External Entity (XXE) Vulnerability in a Public Bug Bounty Program
CTF challenges