RFC3966: Parsing phone numbers is hard :D Christopher Bleckmann-Dreher - 17 Dec 2022 Did you know you can hide your payloads in phone numbers? āļøš±RFC3966 specifies parameters for valid phone numbers that can contain characters. @securinti discovered that popular libraries are vulnerable and that it can lead to XSS and even ATO!š„#BugBountyTips #NahamCon2022EU pic.twitter.com/tNUVyZu7Ozā INTIGRITI (@intigriti) December 17, 2022