A lot of vulnerabilities like this are found with fuzzing. Same with poor encryption schemes. Depends what your definition of clever is but normally fuzzing is an intermediate research step to just see what response you get as you change input to ascertain information of what's going on behind the scenes so you can use a more directed attack later.