typejuggling – WindowsTechs.com

Type juggling in PHP [migrated]

Posted on February 5, 2023 by user5623335

I am new to type juggling attacks in PHP, and only just encountered a magic hash exploit in a war game recently.
Could someone explain why the below PHP code evaluates to true?
I understand that the ‘e’ letter for exponent causes PHP to th… Continue reading Type juggling in PHP [migrated]→

Magic hash attack in JavaScript

Posted on September 7, 2020 by drewiepooey

In PHP a magic hash attack happens when loose type comparisons cause completely different values to be evaluated as equal, causing a password "match" without actually knowing the password. Here is an example:
<?php
if (hash(‘m… Continue reading Magic hash attack in JavaScript→

Array in HTTP GET/POST requests

Posted on February 22, 2018 by DannyNiu

In PHP server programming, URL-encoded GET/POST requests are parsed into associative “array” type upon receiving. For most of the time, query arguments can be assumed to be strings, however sometimes certain query arguments a… Continue reading Array in HTTP GET/POST requests→

PHP type juggling with MAC

Posted on January 19, 2018 by Ludisposed

I am trying to solve a challenge, and I suspect it has to do with PHP juggling, because I get this base64 encoded json cooke as a response {“User”:”foo”,”MAC”:”bar”}

BUG #2

The calculated MAC (i.e. the result of hash… Continue reading PHP type juggling with MAC→

Is the undesirable conversion of a scientific number a vulnerability?

Posted on June 20, 2016 by Kevin Morssink

I noticed in several penetration tests that PHP is converting values like 1e9 to 1000000000 while the max accepted string length of this number is 3 (in the database storage and as maxlength property on the HTML forms).

Nev… Continue reading Is the undesirable conversion of a scientific number a vulnerability?→