php-type-juggling.md 876 B


title: PHP Type Juggling categories: [cheatsheets]

tags: [security, web]

PHP Type Juggling

Reference: PHPMagicTricks-TypeJuggling.pdf

PHP has two main comparison modes, lets call them loose (==) and strict (===).

Comparing a string to an integer: "asomepass" == 1

  • Php trys to convert the string to a number and do an number conversion.
  • If there is an character in that string it returns as 0 (zero)

For Example:

"asd1231"   == int(0) : True
"abc"       == int(0) : True
"0000"      == int(0) : True

-> Even when having to strings that look like numbers, php converts both and does a number comparison

"0xF" == "15" : True ...

Possible for bypassing CSRF token checking!

if the token starts with a letter or int(0), php will convert the token to an integer.