Source: medium.com

Pwning PHP: Type Juggling

Category: PHP

In PHP, “==” is used to compare the values of two variables, but like much of PHP, the “==” comparison behaves strangely. When comparing a string and an integer using “==”, PHP will try to convert the string to an integer and then do the comparison.

As the “password” string has no number in it, the condition will return true.

Here is a table of comparisons made by “==” and their results:

Now let’s take a look at some real-world bugs:

As the checksum is compared loosely, we can set the checksum value as “true” or “0” to bypass the validation mechanism:

We can make use of JSON to do this:

We can use “===”, the strict version of “==”.
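
The loose checksum comparison described above, next to a strict version, as an added example that is not from the original article; `SECRET`, the request layout and the function names are hypothetical. On PHP 8 and later a non-numeric string is no longer converted to an integer when compared with a number, so the `0` case depends on the PHP version, while the boolean `true` case does not.

```php
<?php
// Added example: SECRET, the request layout and the function names are hypothetical.
const SECRET = 'constructed-demo-key';

function expectedChecksum(string $data): string
{
    return hash_hmac('sha256', $data, SECRET);
}

// Loose check: json_decode() keeps JSON types, so 'checksum' may be a bool or int.
// A boolean true compares equal to any non-empty string under "==".
function verifyLoose(array $body): bool
{
    return $body['checksum'] == expectedChecksum($body['data']);
}

// Strict check: reject non-strings first, then compare without type conversion.
// "===" alone already rejects true and 0; hash_equals() is also constant-time.
function verifyStrict(array $body): bool
{
    $sum  = $body['checksum'] ?? null;
    $data = $body['data'] ?? null;
    if (!is_string($sum) || !is_string($data)) {
        return false;
    }
    return hash_equals(expectedChecksum($data), $sum);
}

// Constructed request bodies.
$requests = [
    'valid string' => json_encode(['data' => 'order=42', 'checksum' => expectedChecksum('order=42')]),
    'wrong string' => '{"data":"order=42","checksum":"deadbeef"}',
    'boolean true' => '{"data":"order=42","checksum":true}',
    'integer 0'    => '{"data":"order=42","checksum":0}',
];

foreach ($requests as $label => $json) {
    $body = json_decode($json, true);
    printf("%-13s loose=%-5s strict=%s\n", $label,
        var_export(verifyLoose($body), true),
        var_export(verifyStrict($body), true));
}
```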