Avoid type juggling vulnerability.

Password comparison should not be done with the `==` operator, but `===`, due to type juggling. References: * http://phpsadness.com/sad/47 * turbochaos.blogspot.fr/2013/08/exploiting-exotic-bugs-php-type-juggling. html ### Test case * Create an administrator with the password "240610708". * Try to login to the dashboard with the password "QNKCDZO" :-)
samwilson · Aug 3, 2015 · 6ad38c5 · 6ad38c5
1 parent 07aa4f5
commit 6ad38c5
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/admin/inc/auth.inc.php b/admin/inc/auth.inc.php
@@ -1,11 +1,11 @@
 <?php
 include (dirname(__FILE__).'/pwd.inc.php');
 
-if ( isset($_COOKIE['auth']) && $_COOKIE['auth'] == $password ) {
+if ( isset($_COOKIE['auth']) && $_COOKIE['auth'] === $password ) {
     //ok, cool
 } else {
     setcookie('auth','', time()-3600);
     header('Location: login.php');
     die;
 }
-?>
+?>