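PHP type juggling
Occurs when PHP implicitly converts a value from one data type to another during an operation or comparison, resulting in unintended output.
e.g.: "1" + 2 = 3
("Puppies" == 0) -> True (PHP 7 and earlier; PHP 8 changed string-to-number comparison and returns False here)
A string that is empty or does not start with a number is treated as 0 when converted to an integer.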
== Operator
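$secret_password = "mYs3cr3tP@ssw0rd";
$input_password = 0e12345678; // User input: arrives as a number, although a string was intended
if ($secret_password == $input_password) { // loose comparison: the string is converted to a number first
    echo "Access granted!";
} else {
    echo "Access denied!";
}
0e12345678 is scientific notation for 0 multiplied by 10 to the power of 12345678, which is 0.
The non-numeric string "mYs3cr3tP@ssw0rd" is also converted to 0 for the comparison (PHP 7 and earlier).
If the input stays a string, the comparison with "0e12345678" is a plain string comparison and is False; == only compares numerically when one operand is a number or both are numeric strings.
Therefore
("mYs3cr3tP@ssw0rd" == 0) -> True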
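An added example (not from the original page) that runs the loose check from the snippet above beside a hardened check over constructed inputs. The function names check_loose and check_strict and the input list are assumptions for illustration; results of the loose check for numeric inputs depend on the PHP version, so the script prints it.

```php
<?php
declare(strict_types=1);

// Constructed value, taken from the snippet above.
const STORED_PASSWORD = 'mYs3cr3tP@ssw0rd';

/** Loose check, as in the snippet above: operands may be converted before comparing. */
function check_loose($input): bool
{
    return STORED_PASSWORD == $input;
}

/** Hardened check (hypothetical helper): reject non-strings, then compare without conversion. */
function check_strict($input): bool
{
    if (!is_string($input)) {
        return false; // numbers, booleans, arrays and null can never match a password
    }
    // hash_equals() compares the two strings byte for byte and in constant time.
    return hash_equals(STORED_PASSWORD, $input);
}

// Constructed inputs, typed the way a decoded JSON body could deliver them.
$inputs = [
    'integer 0'           => 0,
    'float 0e12345678'    => 0e12345678,
    'string "0e12345678"' => '0e12345678',
    'correct password'    => 'mYs3cr3tP@ssw0rd',
];

printf("PHP %s\n", PHP_VERSION);
foreach ($inputs as $label => $input) {
    printf(
        "%-22s loose=%-5s strict=%s\n",
        $label,
        var_export(check_loose($input), true),
        var_export(check_strict($input), true)
    );
}
```

Run it on each PHP version you support: any row where loose and strict disagree is an input that only the type conversion lets through.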
= Operator
$value = "admin"; // $value is a string containing "admin"
if ($value = "admintest") { // "admin" and "admintest" are both strings, but = assigns instead of comparing
    echo "Condition is true."; // $value is now "admintest"
} else {
    echo "Condition is false.";
}
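PHP treats both "admin" and "admintest" as strings, but the condition never compares them: = assigns "admintest" to $value, the assignment expression evaluates to the assigned value, and any non-empty string (other than "0") is considered true in a boolean context. The condition is therefore always true.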
References : https://medium.com/swlh/php-type-juggling-vulnerabilities-3e28c4ed5c09