DREHSEC IT Security&Research
  • Blog
  • DREHSEC IT Security&Research
  • dreher.in
  • meme.drehsec.tk

RFC3966: Parsing phone numbers is hard :D

  • Christopher Bleckmann-Dreher

Christopher Bleckmann-Dreher

Dec 17, 2022

Did you know you can hide your payloads in phone numbers? ā˜ŽļøšŸ˜±
RFC3966 specifies parameters for valid phone numbers that can contain characters. @securinti discovered that popular libraries are vulnerable and that it can lead to XSS and even ATO!šŸ”„#BugBountyTips #NahamCon2022EU pic.twitter.com/tNUVyZu7Oz

— INTIGRITI (@intigriti) December 17, 2022
šŸ“Š Exciting Weekend Project Reveal: wpad.je Tracker šŸŒ

šŸ“Š Exciting Weekend Project Reveal: wpad.je Tracker šŸŒ

šŸš€ I'm thrilled to share the results of my latest weekend project: the wpad.je Tracker! This innovative tool provides fascinating insights into web traffic patterns and proxy usage. https://wpad.je šŸ–„ļø Top Stats After Just One Weekend: 273 requests from a single IP (99.65.78.*) 463 requests
Oct 20, 2024 1 min read
Bolt.new: The Public Workspace Roulette - Stackblitz's Unintended Feature

Bolt.new: The Public Workspace Roulette - Stackblitz's Unintended Feature

In the world of technology, there's often a fine line between a "feature" and a "vulnerability." Recently, I stumbled upon a very interesting quirk in Stackblitz's new service, Bolt.new, and well... let's just say it might make you question
Oct 16, 2024 4 min read
The Day I Almost Became a Solar Supervillain

The Day I Almost Became a Solar Supervillain

Picture this: It's a scorching summer day, and I'm sitting in my dimly lit home office, cursing at my air conditioner for choosing the hottest day of the year to break down. As I fan myself with an old magazine, I start daydreaming about having unlimited
Sep 6, 2024 3 min read
DREHSEC IT Security&Research © 2024
  • memegen docs
Powered by Ghost