Last Updated: February 25, 2016
·
2.184K
· r3dsm0k3

PHP - strcmp() could leave you alone in deep sh*t

If you are using strcmp() to compare two strings,things can go real bad.
Always use === instead.

<?php 
    $pass = isset($_GET['pass']) ? $_GET['pass'] : '';
    // Query /?pass[]= will authorize user
    //strcmp and strcasecmp both are prone to this hack
    if ( strcasecmp( $pass, '123456' ) == 0 ){
       echo 'You successfully logged in.';
    }
?>

1 Response
Add your response

been there got the t-shirt.

over 1 year ago ·