Vlog #003: old PHP and array===array

Показать описание

The question I received this time was related to a fragment of a CTF challenge running on PHP 5.5.9 where two arrays had to be identical, but one of their elements was supposed to not be equal to another. An interesting situation indeed.

--- Links:

--- Music in intro/outro:
TheFatRat - Monody feat. Laura Brehm

nervous_testpilot - Office (Frozen Cortext Original Soundtrack)
nervous_testpilot - Our Heroes (Frozen Cortext Original Soundtrack)
nervous_testpilot - Focus (Frozen Synapse Original Soundtrack)

Stellardrone - Between the Rings

--- Team:
Shoutout and big thanks to my team who have helped me with livestreams and IRC/Discord over the years!
→ foxtrot_charlie
→ KrzaQ
→ masakra
→ hebi
→ maryush
→ disconnect3d

Рекомендации по теме

Комментарии

Cool bug and great explanation. Thank you, Gynvael! :)
It is worth noting that this trick wouldn't work if PHP would throw an error instead of "notice" when attempting to access $array[0] (an index that doesn't exist), because the zend_hash_compare function checks if the number of elements in both arrays is equal. But even in PHP 7 and greater, when accessing an invalid index it only says "notice".

Actually looking at the sources again...
zend_hash.c:1514 in zend_hash_compare()
result = ht1->nNumOfElements - ht2->nNumOfElements;
if (result!=0) {

return result;
}

Hypothetically if someone would be able to pass 4294967296 array elements it would be possible to use that same bug to overcome this check :)

agnusxendis

that parse_str is dangerous though. when fed with user input.

sangamo

Don't you get a compilation warning when compiling code which might truncate like that?

matrix

Vlog #003: old PHP and array===array

fgygrrfyyhgffhhh huh uh HD set yh or f GB ji it yi kg DUI or et uh ji if fyi yi j yr t5 TCU i ji

Give this to Kevin makeup train! 3 months worth of makeup looks hollymurraymakeup

Day 2 Of ONLY Eating Food From a Korean Convenience Store!

M&M'S STUCK IN NOSE 😂😆 #shorts

Smart kids almost hit dad 🥺🥰 LeoNata family #shorts TikTok

kachaa Badam |shorts | #learnwithpriyanshi #learnwithpari

Toni and Vince|edits|Toro Fam UNOFFICIAL

deffan kakinya luk4 karna j4tuh dari m0bil m0bil4n😱😭 #shorts

Better than a MacBook? 🤔 Links in Comments. #amazonhaul #amazonfinds #office #amazon #fyp

When a child is crying - how to distract/calm 🦷 [Pediatric Dentist]

How He Became A Millionaire At 16

12 HOUR ROAD TRIP WITH MY BOYFRIEND😅 #shorts #college #travel #traveling #roadtrip #relationship

McDonalds “I’m lovin’ it” theme song on iPhone keypad

3 STAT REFUND CODES IN BLOXFRUITS 2025

My Brother's Favorite Video😅 | Nikhil Nisha Vlogs #nikhilnisha

Concentration Challenge Game | Indoor games | Vinuanu vlog

My Least To Most Expensive Mountain Bikes

How to study for long hours without getting tired 🌟 Study Day 33/100📚✨

Naagmata ko dood dene se mna kiya ek maa ne | Sonam Prajapati

WORLD'S SHORTEST WOMAN

$10 vs $500 Nintendo Switch!

Stop The Music People Sing It #nikhilnisha #madhugowda #2023 | Nikhil Nisha Vlogs #shorts

CRAZY 3-Sport Athlete!!! 😳 🤯 #shorts

The hottest Roti Lady in Bangkok - Chocolate Roti / Sala Daeng BTS Station #shorts