In PHP, “==” is used to compare the values of two variables but, like PHP itself, the “==” comparison is also weird. When comparing a string and an integer using “==”, PHP will try to convert the string to an integer and then do the comparison.
As the “password” string has no number in it, the condition will return true.

Here is a table of comparisons made by “==” and their results:

Now let’s take a look at some real-world bugs:

As the checksum is compared loosely, we can set the checksum value as “true” or “0” to bypass the validation mechanism:
We can make use of JSON to do this:

To fix this, we can use “===”, the strict version of “==”, which compares types as well as values.
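
The loosely compared checksum described above, next to a hardened check, as an added example that is not code from the original page: `SECRET`, the request layout and all function names are assumptions. A JSON `true` passes the loose check on every PHP version, while the integer `0` case depends on the PHP version (PHP 8.0 changed string-to-number comparison) and on the checksum's leading characters.

```php
<?php
// Constructed demo: SECRET, the request layout and every function name here
// are assumptions for illustration, not code from the original page.
const SECRET = 'constructed-demo-key';

function expected_checksum(string $data): string
{
    return hash_hmac('sha256', $data, SECRET);
}

// Vulnerable: "==" juggles types, and json_decode() lets the client choose
// the type of "checksum" (string, bool, int, ...).
function verify_loose(string $json): bool
{
    $req = json_decode($json, true);
    return $req['checksum'] == expected_checksum($req['data']);
}

// Hardened: reject anything that is not a string, then compare with
// hash_equals(), which never juggles types and runs in constant time.
function verify_strict(string $json): bool
{
    $req = json_decode($json, true);
    if (!is_array($req)
        || !is_string($req['data'] ?? null)
        || !is_string($req['checksum'] ?? null)) {
        return false;
    }
    return hash_equals(expected_checksum($req['data']), $req['checksum']);
}

// Constructed sample requests.
$cases = [
    'valid checksum' => json_encode(['data' => 'amount=10',
                                     'checksum' => expected_checksum('amount=10')]),
    'wrong string'   => '{"data":"amount=10","checksum":"deadbeef"}',
    'boolean true'   => '{"data":"amount=10","checksum":true}',
    'integer 0'      => '{"data":"amount=10","checksum":0}',
];

foreach ($cases as $label => $json) {
    printf("%-15s loose=%-5s strict=%s\n", $label,
        var_export(verify_loose($json), true),
        var_export(verify_strict($json), true));
}
```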