Commit 6ad38c5

Author: nashe
Avoid type juggling vulnerability.
Password comparison should not be done with the `==` operator, but `===`, due to type juggling.

References:
* http://phpsadness.com/sad/47
* turbochaos.blogspot.fr/2013/08/exploiting-exotic-bugs-php-type-juggling.html

### Test case
* Create an administrator with the password "240610708".
* Try to log in to the dashboard with the password "QNKCDZO" :-)
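As an added illustration (not part of this commit or the project's code), the following PHP snippet shows why the loose comparison named in the commit message fails and what the strict replacement buys. The page does not show where the password is hashed; the snippet assumes the stored credential is an MD5 digest, which is what makes the two strings from the test case collide under `==`: both digests have the form `0e` followed only by decimal digits, and PHP's loose comparison reads such numeric strings as the number zero. `compare_strategies` and `password_matches` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Added illustration; not code from the commit or the project.
// Assumption: the stored credential is an MD5 digest, as the commit's test case implies.

// The two passwords from the commit's test case. Both MD5 digests look like
// "0e" followed only by decimal digits, so loose comparison treats each as the
// float 0.0 and considers them equal.
$storedDigest   = md5('240610708');
$suppliedDigest = md5('QNKCDZO');

// Returns the outcome of each comparison strategy for the same pair of digests.
function compare_strategies(string $stored, string $supplied): array
{
    return [
        'loose =='    => $stored == $supplied,              // type juggling: numeric strings compare as numbers
        'strict ==='  => $stored === $supplied,             // same type and same bytes only
        'hash_equals' => hash_equals($stored, $supplied),   // strict and constant-time (PHP >= 5.6)
    ];
}

// Hypothetical replacement for the cookie check: strict and constant-time.
function password_matches(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied);
}

foreach (compare_strategies($storedDigest, $suppliedDigest) as $name => $result) {
    printf("%-12s %s\n", $name, $result ? 'MATCH' : 'no match');
}

// Loose comparison is not limited to hashes: any two numeric-looking strings juggle.
printf("'0e1' == '0e2' : %s\n", ('0e1' == '0e2') ? 'true' : 'false');
printf("'0e1' === '0e2': %s\n", ('0e1' === '0e2') ? 'true' : 'false');
```

Run it with the `php` CLI: the loose comparison reports a match for two different passwords while `===` and `hash_equals()` do not, which is exactly the gap the commit closes. `hash_equals()` goes one step further than `===` by comparing in constant time, so the comparison's duration does not depend on how many leading bytes agree.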
1 parent 07aa4f5 commit 6ad38c5

1 file changed

+2
-2
lines changed

Diff for: admin/inc/auth.inc.php

@@ -1,11 +1,11 @@
11
<?php
22
include (dirname(__FILE__).'/pwd.inc.php');
33

4-
if ( isset($_COOKIE['auth']) && $_COOKIE['auth'] == $password ) {
4+
if ( isset($_COOKIE['auth']) && $_COOKIE['auth'] === $password ) {
55
//ok, cool
66
} else {
77
setcookie('auth','', time()-3600);
88
header('Location: login.php');
99
die;
1010
}
11-
?>
11+
?>
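Review bot: the strict `===` on line 4 removes the loose-comparison hole, but the check still compares `$_COOKIE['auth']` directly against `$password`, so whatever secret pwd.inc.php holds is also what the browser stores and resends on every request; a server-side session (`session_start()` plus a flag set by login.php) would keep the secret off the client entirely. If a client-supplied value must be compared to a secret, `hash_equals($password, (string) $_COOKIE['auth'])` (PHP 5.6+) is strict like `===` and also constant-time. Minor: since line 11 touches the closing `?>` anyway, dropping the closing tag from this include-only file avoids stray whitespace being sent as output, which would break any later `header()` call in a script that includes it.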
