hacktricks/pentesting-web/phone-number-injections.md
2024-12-12 11:39:29 +01:00

3 KiB

Phone Number Injections

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

It's possible to add strings at the end the phone number that could be used to exploit common injections (XSS, SQLi, SSRF...) or even to bypass protections:

https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0
https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0

OTP Bypass / Bruteforce would work like this:

https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0

References

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}