Phone Number Injections

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

It's possible to add strings at the end the phone number that could be used to exploit common injections (XSS, SQLi, SSRF...) or even to bypass protections:

https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0

OTP Bypass / Bruteforce would work like this:

References

https://www.youtube.com/watch?app=desktop&v=4ZsTKvfP1g0

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

3 KiB Raw Permalink Blame History

Phone Number Injections

References

3 KiB

Raw Permalink Blame History