Type Juggling Magic: Why PHP thinks 0 and 'password' are the same [Capture The Flag Fundamentals]

preview_player
Показать описание
When you declare a variable in PHP, you don’t need to define its type – you just declare it. If variables are used as part of a comparison, in order to compare them, PHP needs to guess what those variables represent. After making this guess, PHP will convert the variables to some common data type to then perform the actual comparison.

This can result in unexpected behaviour, which as we’ve seen before and from a security is perspective is almost always a bad idea.

🏆 The 247CTF channel is dedicated to teaching Capture The Flag fundamentals. If you want to improve your technical skills and succeed in Capture The Flag competitions, make sure to subscribe!

📺 Subscribe for more Capture The Flag videos!
📌Free flag ➝ 247CTF{9719c5ddf317154473d334f47a77ac6a}

🚨 247CTF’s channel videos are intended for educational purposes only. Methods and techniques discussed are not to be used for illegal activities against unauthorised systems.
  1. 247CTF
  2. Capture The Flag
  3. Computer Security
  4. CTF
  5. php type juggling
  6. type juggling
Рекомендации по теме
Type Juggling Magic: 0:07:16

Type Juggling Magic: Why PHP thinks 0 and 'password' are the same [Capture The Flag Fundam...

PHP Type Juggling 0:17:00

PHP Type Juggling - Why === is Important - Bug Bounty Tips

Type Juggling in 0:11:47

Type Juggling in PHP Switch - Juggling Facts [HackTheBoo CTF 2022]

Web App Wednesdays: 1:17:44

Web App Wednesdays: PHP Type Juggling

PHP Type Juggling: 0:05:07

PHP Type Juggling: Python Web Hacking | Natas: OverTheWire (Level 23)

L-19| Master PHP 0:08:36

L-19| Master PHP Type Juggling: Dynamic Data Handling in PHP

PHP Data Types 0:11:58

PHP Data Types - Typecasting Overview & How It Works - Full PHP 8 Tutorial

POC of authentication 0:00:54

POC of authentication bypass via chaining CSRF and type-juggling

Hacker to Hacker 0:38:57

Hacker to Hacker - Episode #2 | What is PHP Type Juggling

ED81 - PHP 0:45:35

ED81 - PHP Type Juggling

PHP - Operadores 0:13:41

PHP - Operadores Aritmeticos & el Type Juggling

php magic hash 0:01:25

php magic hash

Type Juggling and 0:10:24

Type Juggling and Coercion in PHP

PHP Weak Comparison 0:10:11

PHP Weak Comparison with MD5 Collisions

Hack The Box 0:15:57

Hack The Box - Juggling Facts (Easy) - Live Walkthrough

PHP TUTORIAL #25 0:08:56

PHP TUTORIAL #25 JUGGLING TYPE DATA

EP011: Exploiting PHP 0:14:50

EP011: Exploiting PHP type juggling in Urdu / Hindi

PHP Type Juggling, 0:22:33

PHP Type Juggling, LFI and Command Injection - Solution to April '23 Challenge

Strict typing and 0:43:02

Strict typing and static analysis - Rob Allen - PHPSW: A New Type of Year, January 2020

Growing up Pentecostal... 0:00:15

Growing up Pentecostal... #short

34 Type Casting 0:03:49

34 Type Casting in PHP

Magic Bytes & 0:10:01

Magic Bytes & Security: When file categorisation goes wrong [Capture The Flag Fundamentals]

Bro’s hacking life 0:00:20

Bro’s hacking life 😭🤣

SQL Injection & 1:54:58

SQL Injection & PHP Type Juggling - HTB Falafel (JB & Mystiko TeamUp Stream #3)

Комментарии
Автор

👍 Liking this video will increase your ability to solve CTF challenges by 👍

CTF
Автор

Didn't know 247CTF had a channel! This is cool. Subbed

bourbon
Автор

Always use that === for strict comparison with PHP!

RhyanGarrison
Автор

I guess you need to release new version of this video

ctfs
Автор

Great Video! What about that? if ($user_input == substr(md5($user_input), 0, 24)

nameless