Transcription of PHP Magic Tricks: Type Juggling - OWASP
{{id}} {{{paragraph}}}
PHP Magic Tricks: Type JugglingPHP Magic Tricks: Type JugglingWho Am IChris Smith (@chrismsnz)Previously: Polyglot Developer - Python, PHP, Go + more Linux SysadminCurrently: Pentester, Consultant at Insomnia Security Little bit of researchOWASP Day 2015 PHP Magic Tricks: Type JugglingInsomnia Security Group LimitedFounded in 2007 by Brett Zealand-based in Auckland and Wellington, as well as global together a team of like-minded, highly technically skilled, results-driven, security Certified perform work for customers in such differing industries as: Tele- and Mobile Communications; Banking, Finance, and Card Payment; E-Commerce and Online Retail; Software and Hardware Vendors; Broadcasting and Media; and Local and National Day 2015 PHP Magic Tricks: Type JugglingConventionsTypes: "string" for strings int(0), float(0) for numbers TRUE, FALSE for booleansTerms: "Zero-like" - an expression that PHP will loosely compare to int(0) OWASP Day 2015 PHP Magic Tricks: Type JugglingWhat is Type Juggling ?
Bug #3: Wordpress Authentication Bypass Publicised by MWR Information Security (again) November 2014 Fun and interesting attack, but limited practicality Probably easier ways to own Wordpress Following is a simplified explanation of the …
Domain:
Source:
Link to this page:
Please notify us if you found a problem with this document:
{{id}} {{{paragraph}}}