Acunetix Art

TEST and Demonstration site for Acunetix Web Vulnerability Scanner
WARNING: This is not a real shop. This is an example PHP application which is intentionally vulnerable to web attacks. It is intended to help you test security scanners and practice manual hacking skills.
Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.

PHP Type Juggling / Loose Comparison

Test 1: Password Hash Magic Hash (0e bypass)

Stored hash: 0e462097431907509062053600553917 (MD5 of "240610708")

Test 2: Loose Comparison (== vs ===)

Test 3: in_array() without strict flag

Test Payloads

Magic Hash Bypass (password)

Password:

Try: ?pass=240610708 (MD5 starts with "0e...")

Loose Comparison

Value A: Value B:

Try: a=true & b=1 | a=0 & b=abc | a=null & b=(empty)

in_array() Bypass

User ID:

Try: ?uid=0 | ?uid=1 | ?uid=admin

PHP Type Juggling Reference

ExpressionResult (==)Result (===)
0 == "string"truefalse
"0" == falsetruefalse
null == "0"truefalse
true == "1"truefalse
[] == falsetruefalse
"0e123" == "0e456"true (both are 0 in scientific notation)false