Skip to content

Phone Number Injections

[AD REMOVED]

It's possible to add strings at the end the phone number that could be used to exploit common injections (XSS, SQLi, SSRF...) or even to bypass protections:

https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0

https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0

OTP Bypass / Bruteforce would work like this:

https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0

References

[AD REMOVED]

All content on this page is from HackTricks, which belongs to Carlos Polop and is licensed under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) license unless otherwise specified. This page is generated from the HackTricks wiki and just has the ads removed.