Intigriti Bug Bytes #230 - November 2025
By Ayoub
November 21, 2025
Hi hackers,
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring:
Finding an RCE using AI in GitHub
CORS exploitation cheat sheet
Scanning codebases with AI
Bypassing paywalls
SSTIs in AI models
And so much more! Let's dive in!
Company News
Intigriti wins 2025 UK IT Industry Awards
We are thrilled to announce that Intigriti has won Security Innovation of the Year at the UK IT Industry Awards 2025!
This award recognises Intigriti's breakthroughs and excellence in delivering cybersecurity services worldwide. We are immensely proud to mark this milestone and would like to thank our researcher community for making this possible.
Read all about this achievement in our announcement post or on our LinkedIn page.
Participate in INTIGRITI CTF 1125!
Looking for a fun activity to put your hacking skills to the test? This month's CTF challenge requires you to pop a shell and find your way into the system to capture the flag.
With 75+ solves so far, it is one of the most popular challenges to be featured on Intigriti.
Still wish to participate? Follow the instructions on the challenge page and make sure you submit your flag before Monday, the 24th, 11:59 PM UTC.
INTIGRITI 1125 CTF Challenge
Blogs & videos
Exploiting JWTs
JSON Web Tokens power authentication in millions of modern web applications... yet misconfigurations and improper validation create critical security flaws that can lead to complete account takeover. From algorithm confusion attacks to key injection vulnerabilities, developers often introduce exploitable weaknesses.
In our technical article, we've outlined 7 methods to test and exploit JWT vulnerabilities, including real-world code examples and proof-of-concepts.
Cross-site scripting (XSS) vulnerabilities continue to haunt web applications despite decades of awareness... and are unlikely to disappear anytime soon. Many researchers struggle to move beyond basic payloads when filters and WAFs block their attempts. In our complete XSS exploitation guide, we've broken down a proven 3-step methodology to systematically identify reflected XSS, from mapping reflection points to crafting context-aware payloads that evade common filters.
As applications shift logic to the client-side, DOM-based XSS vulnerabilities have become increasingly prevalent... yet they remain one of the hardest vulnerability types to detect and exploit. Unlike traditional XSS, malicious input flows from a DOM source to a DOM sink without ever appearing in the HTTP response. In our comprehensive guide, we've documented proven methodologies for identifying and exploiting DOM-based XSS.
Tools & resources
Tools
Metis AI-powered security code review
Scanning codebases for vulnerabilities is now possible with AI. Arm Metis is an open-source, AI-driven tool for deep security code review, capable of identifying a wide range of anomalies in codebases.
Finding misconfigurations in JWT implementations can be as simple as running jwt_tool. This tool can help you spot all sorts of JWT attacks (including CVEs) to forge your own tokens.
Have you found a possible XSS injection point? And is your target's WAF still getting in the way? Check out JS-DOMestify, a simple tool that converts any JS code to browser-runnable code using only ASCII characters and basic, non-intrusive symbols.
Developers commonly set up third-party tools and services incorrectly, sometimes leaving them wide open for vulnerabilities to arise. Misconfig Mapper is a simple, template-based tool that can help you easily check your list of targets for possible third-party security misconfigurations.
Resources
Exploiting CORS Misconfigurations
Testing for CORS misconfigurations cheat sheet
CORS misconfigurations can result in sensitive data leaks. However, they can be unexploitable due to browser restrictions. We've created a small cheat sheet to help you determine the exploitability of any CORS misconfiguration.
If you wish to delve deeper into CORS exploitation, be sure to read our comprehensive article.
AI tools are being used more in web app hacking. This researcher shares how he scored a critical RCE worth $20K in GitHub using Claude AI.
Content security policies can be bypassed in various ways. @xssdoctor shares one of the lesser-known methods to evade CSP with a PDF file.
This latest CVE in Entr'ouvert Lasso covers an interesting SAML-based RCE triggered when you send a malformed request.
Paywall bypasses can lead to financial losses to companies. @medusa_0xf shares several interesting techniques to bypass payment gateways in her video.
Everyone likes to find RCEs. This security researcher shares his methodology of finding his first remote code execution vulnerability, earning him a 4-digit bounty.
Sometimes, simple bugs like IDORs can cause a major impact on the affected organization. Discover how this researcher gained access to the PII of 6.4 million users.
Bug bounties can be challenging, especially as you're starting. @furkan0x01 shares his experience of how he made 6 figures in his first year as a full-time bug bounty hunter.
Authentication bypasses are still out there. This bug bounty hunter documents how he found an authentication bypass via an OAuth misconfiguration.
As development continues to evolve, so do the injection bugs. This researcher found a particularly interesting server-side template injection vulnerability in an AI model.
Feedback & suggestions
Before you click away: Do you have feedback, or would you like your technical content to get featured in the next Bug Bytes issue? We want to hear from you. Feel free to send us an email at support@intigriti.com or DM us on X/Twitter, and we'll take it from there.
Did you like this Bug Bytes issue? Consider sharing it with your friends and tagging us along on X/Twitter, Instagram, or LinkedIn.
Wishing you a bountiful month ahead,
Keep on rocking!
Author
Ayoub
Senior security content developer