Bug Bytes #217 – how to submit vulnerabilities, writing a great writeup and 2 years of bug bounty
By travisintigriti
November 22, 2023
Last updated on July 14, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from November 6th to November 19th
Intigriti News
From my notebook
Dan Rearden | The Write-Ups & Downs To Making A Great Write-Up | Simply Cyber Con 23
Bug bounty: year 2 – 0days, a $20k bounty and… laziness – bounty vlog #5
Potential vulnerability in AI chatbots feat. @rez0 #bugbounty #bugbountytips #bugbountyhunter (shorts)
Watch out for API use theft when implementing AI chatbots feat. @rez0 #bugbounty #bugbountytips (shorts)
How to monetise a scalable 0day in bug bounty? #bugbounty #bugbountytips #bugbountyhunter (shorts)
$3,200 client-side DoS in PayPal #bugbounty #bugbountytips #bugbountyhunter (shorts)
What types of DoS bugs will get you a bounty? Case study of 138 DoS bug bounty reports
Another Cisco 0-day discovered #cybersecurity #cisco (shorts)
Bug Bounty Stories: HACKING REDBULL again! (Tomcat + Jolokia Walkthrough)
It Wasn’t Easy to Print $250 Million of Counterfeit Cash🎙Darknet Diaries Ep. 102: Money Maker
One Click, $9 Million In Student Debt Erased🎙Darknet Diaries Ep. 139: D3f4ult
Why Was Puerto Rico’s Lottery Leaking Millions of Dollars a Month? 💸 Darknet Diaries Ep 101: Lotería
Beginner
Intermediate
Advanced
Security Research
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)
Plundering Postman with Porch Pirate
CrushFTP – CVE-2023-43177 – Unauthenticated Root-Level RCE Chain
Accessing Azure Kubernetes Service as Guest and Cross-Tenant
Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures
Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3)
Post-exploiting a compromised etcd – Full control over the cluster and its nodes
Your printer is not your printer ! – Hacking Printers at Pwn2Own Part II
Bugs
Privilege Escalation: Unauthorized Low-Privilege Users Creating Feature Bundles
Default Credentials, P1 with $$$$ Reward in a Bug Bounty Program
OAuth Misconfiguration Leads To Pre-Account Takeover(snapchat)
$1000 Bounty: How I scaled a Self-Redirect to an XSS in a web 3.0 system at Hackenproof
How I got a $500 reward for finding an unacclaimed bucket on GitHub
Riding the Waves of API Versioning: Unmasking a Stored XSS Vulnerability, CSP Bypass Using YouTube…
How I hacked Google’s bug tracking system itself for $15,600 in bounties
Idor That allowed me to get access to sensitive users files and share them
1200$ IDOR Flaw: Allow Attacker To Approve Project Time Tracking
I created posts on the newsletter page dedicated to the program administrator
Subdomain takeover and Text injection on a 404 error page-$100 bounty
Unlocking Cash: Easy P1 Bug in Grafana Dashboard with Default Credentials = €€€€
Dutch T-Shirts for Dutch Hacks: A Tale of Four Vulnerabilities!!
Bypassing 2FA for Password Reset : By Request Manipulation 500$ Bug
Breaking Barriers: Unmasking the Easy Password Validation Bypass in Security Key Registration
$1800 Bounty: Exploiting Unpredictable Data that Leads to All Users PII Exposure in an IDOR
How I was able to find BAC on the University website leading to result dumping?
Cloudflare Bypass leads to RXSS[Reflected-Cross Site Scripting] in Microsoft
How I sent multiple payment requests on PhonePe, Paytm, and Google Pay
Discovering and Exploiting a XML External Entity (XXE) Vulnerability in a Public Bug Bounty Program
CTF challenges
You may also like
May 30, 2026
Intigriti Bug Bytes #236 - May 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Earning $148K via RCE in Google Cloud How public Google API keys became Gemini credentials Our first official Burp Suite extension Two new bypasses for Chrome's Sanitizer API One-click account takeover from a
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team