PHP Type Juggling Vulnerabilities, Netsparker - Paul's Security Weekly #572

preview_player
Показать описание
Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling Vulnerabilities.


  1. Security Weekly - A CRA Resource
  2. PHP Type Juggling
  3. Vulnerabilities
  4. PHP
  5. Juggling
  6. Sven Morgenroth
Рекомендации по теме
PHP Type Juggling 0:27:31

PHP Type Juggling Vulnerabilities, Netsparker - Paul's Security Weekly #572

Exploiting PHP Type 0:04:27

Exploiting PHP Type Juggling Vulnerabilities - Security Simplified

How to prevent 0:02:39

How to prevent PHP type juggling vulnerabilities

Hacking PHP - 0:11:22

Hacking PHP - CTF challenge (Type Juggling)

PHP Type Juggling 0:17:00

PHP Type Juggling - Why === is Important - Bug Bounty Tips

Type Juggling Magic: 0:07:16

Type Juggling Magic: Why PHP thinks 0 and 'password' are the same [Capture The Flag Fundam...

PHP Type Juggling: 0:05:07

PHP Type Juggling: Python Web Hacking | Natas: OverTheWire (Level 23)

Funky PHP Type 0:06:12

Funky PHP Type Juggling - Natas 24 - Overthewire.org - Walkthrough

Web App Wednesdays: 1:17:44

Web App Wednesdays: PHP Type Juggling

PHP Type Juggling, 0:22:33

PHP Type Juggling, LFI and Command Injection - Solution to April '23 Challenge

PHP Type Juggling 0:00:54

PHP Type Juggling | Loose Comparison | PHP object Injection #shorts #short

PHP : Type 0:03:34

PHP : Type Juggling

05 k php 0:10:00

05 k php type juggling

POC of authentication 0:00:54

POC of authentication bypass via chaining CSRF and type-juggling

Type Juggling | 0:26:52

Type Juggling | Ransom CTF walkthrough

Authentication Bypass in 0:11:33

Authentication Bypass in PHP | PHP Type Juggling

PHP Weak Comparison 0:10:11

PHP Weak Comparison with MD5 Collisions

PHP strcmp Abuse: 0:04:19

PHP strcmp Abuse: Python Web Hacking | Natas: OverTheWire (Level 24)

PHP - Operadores 0:13:41

PHP - Operadores Aritmeticos & el Type Juggling

Johannes Dahse: Static 0:59:41

Johannes Dahse: Static Detection of Vulnerabilities in Modern PHP Applications

HacktheBox 'Base' - 0:56:18

HacktheBox 'Base' - Type Jugging Leading to Auth Bypass!

Fuzzing, trying to 0:18:32

Fuzzing, trying to find anomalies and discrepancies - Natas 23 - Overthewire.org - Walkthrough

03-06: Type juggling 0:13:12

03-06: Type juggling

Lesson 10 : 0:05:19

Lesson 10 : Datatypes - Type Juggling

Комментарии
Автор

Thank you very much, definitely more detailed than the OSWE content I have! :)

tekken-pakistan
Автор

It is very disturbing that the presenters are constantly interrupting Sven's presentation.

kamilonurozkaleli
Автор


[]+[] = ''
[]+{} = Object
{}+[] = 0
!+[] = true
'2' = 2


in MySQL all versions < 8.0 .
0 = 'anystring', also UTF-8 in MySQL < 8.0 only supports 3 bytes, so it cannot store mb characters with 4 bytes. In MySQL utf-8mb4 is what everything else calls utf-8

this behavior is typical of many weakly typed languages, the MySQL issue is particularly useful for authentication bypasses :D

corymarsh
Автор

@13:10 wtf is this explanation? horrible

EDIT:
@17:25 "Let assume that we have a message like this" --- 'Like this' what? what the fuck is `s:14:"ping 127.0.0.1";`?

thedawnofslayer