Last Updated: February 25, 2016
·
2.14K
· r3dsm0k3

PHP - strcmp() could leave you alone in deep sh*t

#php
#hack
#security
#bypass

If you are using strcmp() to compare two strings,things can go real bad.
Always use === instead.

<?php 
    $pass = isset($_GET['pass']) ? $_GET['pass'] : '';
    // Query /?pass[]= will authorize user
    //strcmp and strcasecmp both are prone to this hack
    if ( strcasecmp( $pass, '123456' ) == 0 ){
       echo 'You successfully logged in.';
    }
?>
#php
#hack
#security
#bypass

Written by 3ʞ0ɯsp3ɹ

Say Thanks
Respond

Related protips

HTML5 Mobile Device Camera Access

341.7K
19

Pretty print array php

273.1K
0

Laravel's .htaccess to remove "public" from URL

242.1K
10

1 Response
Add your response

emgiezet

been there got the t-shirt.

over 1 year ago ·

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Php Authors
projectcleverweb
463.4K
#php
#javascript
#css
brandonbeeks
339.6K
#php
#javascript
#css
jvinceso
267.7K
#php
#ASP
#JavaScript
hnordt
241.3K
#php
#laravel
#CoffeeScript
rmcdaniel
237.6K
#php
#JavaScript
#Open Source
Related Tags
#php
#hack
#security
#bypass
Sponsored by
#native_company#
#native_desc#
#native_cta#
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#