hacktricks/pentesting-web/phone-number-injections.md

44 lines
3 KiB
Markdown
Raw Normal View History

2022-12-29 12:18:46 +00:00
# Phone Number Injections
<details>
2024-02-03 14:45:32 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-12-29 12:18:46 +00:00
2024-02-03 14:45:32 +00:00
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
2022-12-29 12:18:46 +00:00
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
2024-02-03 14:45:32 +00:00
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-12-29 12:18:46 +00:00
</details>
It's possible to **add strings at the end the phone number** that could be used to exploit common injections (XSS, SQLi, SSRF...) or even to bypass protections:
2022-12-29 12:18:46 +00:00
2024-02-06 03:10:38 +00:00
<figure><img src="../.gitbook/assets/image (29).png" alt="https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0"><figcaption></figcaption></figure>
2022-12-29 12:18:46 +00:00
2024-02-06 03:10:38 +00:00
<figure><img src="../.gitbook/assets/image (23).png" alt="https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0"><figcaption></figcaption></figure>
2022-12-29 12:18:46 +00:00
**OTP Bypass / Bruteforce** would work like this:
2024-02-06 03:10:38 +00:00
<figure><img src="../.gitbook/assets/image (3) (2).png" alt="https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0"><figcaption></figcaption></figure>
2022-12-29 12:18:46 +00:00
## References
* [https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0](https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0)
<details>
2024-02-03 14:45:32 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-12-29 12:18:46 +00:00
2024-02-03 14:45:32 +00:00
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
2022-12-29 12:18:46 +00:00
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
2024-02-03 14:45:32 +00:00
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-12-29 12:18:46 +00:00
</details>