PHP Type Juggling / Loose Comparison
Test 1: Password Hash Magic Hash (0e bypass)
Stored hash: 0e462097431907509062053600553917 (MD5 of "240610708")
Your input hash: 0e462097431906509019562988736854
ACCESS GRANTED! (Type juggling bypass via magic hash)
Hash comparison used == instead of ===
Test 2: Loose Comparison (== vs ===)
Test 3: in_array() without strict flag
Test Payloads
Magic Hash Bypass (password)
Try: ?pass=240610708 (MD5 starts with "0e...")
Loose Comparison
Try: a=true & b=1 | a=0 & b=abc | a=null & b=(empty)
in_array() Bypass
Try: ?uid=0 | ?uid=1 | ?uid=admin
PHP Type Juggling Reference
| Expression | Result (==) | Result (===) |
|---|---|---|
| 0 == "string" | true | false |
| "0" == false | true | false |
| null == "0" | true | false |
| true == "1" | true | false |
| [] == false | true | false |
| "0e123" == "0e456" | true (both are 0 in scientific notation) | false |