PHP Type Juggling

Type Juggling

Type Juggling vulnerable versions of PHP

> 8.0.0

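// 7.4.33 version
<?php
    // (int)"0000000000" is 0; PHP 7 converts "0abc" to its leading number, 0.
    var_dump( "0abc" == (int)"0000000000" );
?>

// Result : bool(true)

// 8.3.0 version
<?php
    // PHP 8 compares int 0 with the non-numeric string "0abc" as strings.
    var_dump( "0abc" == (int)"0000000000" );
?>

// Result : bool(false)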


<?php
    echo sha1("1");
?>

// Result : 356a192b7913b04c54574d18c28d46e6395428ab

// 7.4.33 version
<?php
    // The digest starts with "356a", so PHP 7 converts it to the number 356.
    var_dump( (int)"356abcde" == sha1("1") );
?>

// Result : bool(true)

Magic hash

// 8.2.10 version
<?php
    // The digest has the form 0e<digits>, a numeric string equal to 0.
    var_dump( md5("QLTHNDT") == 0 );
?>

// Result : bool(true)

https://github.com/spaze/hashes
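
The magic hash comparison above, set beside a hardened check, as an added example that is not part of the original page. It goes one step further than the page's comparison with 0 by comparing two strings, which `==` also treats as numbers when both are numeric strings; the function names are hypothetical and the inputs "0e1" and "0" are constructed.

```php
<?php
// Added example: loose vs. strict digest comparison.
// Function names are hypothetical; "0e1" and "0" are constructed sample values.

// Vulnerable pattern: when both operands are numeric strings, == compares
// them as numbers, so two different "0e<digits>" strings are both 0.
function verify_loose(string $expected, string $presented): bool
{
    return $expected == $presented;
}

// Hardened pattern: hash_equals() compares the bytes of both strings in
// constant time and never converts them to numbers.
function verify_strict(string $expected, string $presented): bool
{
    return hash_equals($expected, $presented);
}

// Audit helper: true when a stored digest would be read as a number by ==.
function is_juggle_prone(string $digest): bool
{
    return is_numeric($digest);
}

$expected = md5("QLTHNDT");   // input taken from the page's magic hash example
$samples  = [
    "0e1",                    // constructed: a different string, numerically 0
    "0",                      // constructed: numerically 0
    $expected,                // the genuine digest
    md5("1"),                 // an ordinary digest that is not a numeric string
];

printf("expected digest juggle-prone: %s\n",
    var_export(is_juggle_prone($expected), true));

foreach ($samples as $presented) {
    printf("%-34s loose=%-5s strict=%s\n",
        $presented,
        var_export(verify_loose($expected, $presented), true),
        var_export(verify_strict($expected, $presented), true));
}
```

The same rule applies to `!=`, `switch` and `in_array()` without its strict flag, so digest and token checks should use `hash_equals()` or `===`.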

Loose(==) comparisons Table

/assets/gitbook/images/2023-09-25/php-loose-comparisons.PNG

Strict(===) comparisons Table

/assets/gitbook/images/2023-09-25/php-strict-comparisons.PNG
