Source: medium.com

Pwning PHP: Type Juggling

Category: PHP


In PHP, “==” compares the values of two variables, but like much of PHP, the “==” comparison behaves in surprising ways. When comparing a string and an integer using “==”, PHP will try to convert the string to an integer and then do the comparison.

As the “password” string has no number in it, the condition will return true.

Here is a table of comparisons made by “==” and their results:

Now let’s take a look at some real-world bugs:

As the checksum is compared loosely, we can set the checksum value as “true” or “0” to bypass the validation mechanism:

We can make use of JSON to do this:

We can use “===”, the strict version of “==”.
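
The loose checksum comparison described above, next to a strict check, as an added example that is not code from the original article. The key, the request layout and the function names `verify_loose` and `verify_strict` are assumptions made for illustration, and the sample requests are constructed.

```php
<?php
// Added example. SECRET, the request layout and both verify_* functions
// are hypothetical; the sample requests below are constructed.
const SECRET = 'constructed-demo-key';

function expected_checksum(string $data): string
{
    return hash_hmac('sha256', $data, SECRET);
}

// Loose check: json_decode() keeps the JSON type of "checksum", so the
// operand on the left can be a bool or an int instead of a string.
//  - true == <string> holds for every string except "" and "0".
//  - 0 == <string> holds on PHP 7 and earlier when the string has no
//    non-zero leading number; PHP 8 compares non-numeric strings as
//    strings, so the integer case depends on version and digest.
function verify_loose(array $req): bool
{
    return $req['checksum'] == expected_checksum($req['data']);
}

// Hardened check: reject anything that is not a string, then compare
// with hash_equals(), which is type-safe and constant-time.
function verify_strict(array $req): bool
{
    $sum = $req['checksum'] ?? null;
    return is_string($sum)
        && hash_equals(expected_checksum($req['data']), $sum);
}

$samples = [
    'valid string' => json_encode([
        'data' => 'order=42',
        'checksum' => expected_checksum('order=42'),
    ]),
    'boolean true' => '{"data":"order=42","checksum":true}',
    'integer 0'    => '{"data":"order=42","checksum":0}',
    'wrong string' => '{"data":"order=42","checksum":"deadbeef"}',
];

foreach ($samples as $label => $json) {
    $req = json_decode($json, true);
    printf("%-13s loose=%-5s strict=%s\n", $label,
        var_export(verify_loose($req), true),
        var_export(verify_strict($req), true));
}
```

Run it under each PHP version you still deploy: the boolean row passes the loose check everywhere, while the strict check accepts only the valid string.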