Bug Bytes #213 – Hacking a Prison, XSS on steroids, CAIDO free for students and Bogus CVEs

By travisintigriti

October 4, 2023

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from September 25th to October 1st.


Intigriti News

From my notebook

  1. Bug Bounty Stories (EP2): Hacking a Prison – NahamSec shows us why reading the JavaScript is important

  2. Bounty of an Insecure WebView (Part 1): XSS, but with Steroids – A fun XSS in a mobile app’s WebView makes for an interesting XSS vector

  3. CAIDO launches a student plan! – If you’re a student, you can get CAIDO for free: simply email them proof of student status

  4. The bogus CVE problem – While the CVE system is crucial for tracking vulnerabilities, not every entry is submitted in good faith

  5. Input Validation: Necessary but Not Sufficient; It Doesn’t Target the Fundamental Issue – Input validation is an important method for stopping some vulnerabilities, but that doesn’t mean it’s always the right choice!
