hacktricks/pentesting-web/phone-number-injections.md

3.6 KiB

Phone Number Injections

HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch Wed - 18.30(UTC) 🎙️ - 🎥 Youtube 🎥

It's possible to add strings at the end the phone number that could be used to exploit common injections (XSS, SQLi, SSRF...) or even to bypass protections:

OTP Bypass / Bruteforce would work like this:

References

HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch Wed - 18.30(UTC) 🎙️ - 🎥 Youtube 🎥