ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-31 07:27:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #275 from c-nagy/master

Browse Source 
Added a brief overview for type juggling
This commit is contained in:
Swissky 2020-10-26 14:57:06 +01:00 committed by GitHub
commit c52cfb1200
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Type Juggling/README.md
View File

@ -5,6 +5,8 @@ PHP provides two ways to compare two variables:
- Loose comparison using `== or !=` : both variables have "the same value". - Loose comparison using `== or !=` : both variables have "the same value".
- Strict comparison using `=== or !==` : both variables have "the same type and the same value". - Strict comparison using `=== or !==` : both variables have "the same type and the same value".
PHP type juggling vulnerabilities arise when loose comparison (== or !=) is employed instead of strict comparison (=== or !==) in an area where the attacker can control one of the variables being compared. This vulnerability can result in the application returning an unintended answer to the true or false statement, and can lead to severe authorization and/or authentication bugs.
## Type Juggling ## Type Juggling
### True statements ### True statements