PHP logic error and some == wonkiness

Published: 2015.05.04
Credit: Kurt Seifried
Risk: Medium
CWE: N/A
CVE: N/A
Local: Yes
Remote: No

https://news.ycombinator.com/item?id=9484757 read the entire thread for an ongoing series of "what the heck?".

Some examples include:
=================
This is a well-known PHP trick. Use === to get the right result.
php > var_dump(md5('240610708') == md5('QNKCDZO'));
bool(true)
php > var_dump(md5('240610708'), md5('QNKCDZO'));
string(32) "0e462097431906509019562988736854"
string(32) "0e830400451993494058024219903391"
php > var_dump(md5('240610708') === md5('QNKCDZO'));
bool(false)
php > var_dump("0e462097431906509019562988736854" == "0e830400451993494058024219903391");
bool(true)
php > var_dump("0e462097431906509019562988736854" === "0e830400451993494058024219903391");
bool(false)
=================

I'm guessing there is more than a bit of code that uses == to compare
passwords/etc. Something to be aware of.


--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
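The loose-versus-strict comparison shown in the transcript above, in the shape it takes in real code: the following PHP is an added example and is not part of Kurt Seifried's post or of the Hacker News thread. It uses the two inputs from the transcript, '240610708' and 'QNKCDZO', whose MD5 digests both have the form "0e" followed only by digits (a string PHP parses as the number zero), to show a loose password check being bypassed, and then the two correct ways to compare. The function names (checkPasswordLoose, checkPasswordStrict, checkPasswordModern, isMagicHash, findMagicHashes), the "user table" and the second password are invented for the example.

```php
<?php
// Added example, not code from the original post. Shows why "==" on hex
// digests is unsafe (the "magic hash" case) and how to compare correctly.
declare(strict_types=1);

// The two inputs from the transcript. Both MD5 digests are "0e" followed by
// digits only; PHP reads such a string as a numeric literal (0 * 10^N = 0),
// so "==" compares them as numbers and finds 0 == 0.
const INPUT_A = '240610708';   // md5 -> 0e462097431906509019562988736854
const INPUT_B = 'QNKCDZO';     // md5 -> 0e830400451993494058024219903391

// VULNERABLE: loose comparison. If the stored digest is a "magic hash"
// (numeric under PHP's rules and equal to zero), any candidate whose digest
// is also such a string is accepted as the correct password.
function checkPasswordLoose(string $storedDigest, string $candidate): bool
{
    return md5($candidate) == $storedDigest;   // BUG: loose ==
}

// FIXED (minimal): hash_equals() compares the two strings byte by byte,
// with no numeric conversion, in time independent of where they differ.
// A plain === would also close the magic-hash hole but is not constant-time.
function checkPasswordStrict(string $storedDigest, string $candidate): bool
{
    return hash_equals($storedDigest, md5($candidate));
}

// FIXED (preferred): unsalted MD5 should not be used for passwords at all.
// password_hash() produces a salted, iterated hash; password_verify()
// re-derives it and compares safely.
function checkPasswordModern(string $storedPasswordHash, string $candidate): bool
{
    return password_verify($candidate, $storedPasswordHash);
}

// Audit helper (hypothetical name): a stored digest is exploitable under
// "==" when PHP considers it a numeric string and its value is zero.
// is_numeric() is PHP's own test for the numeric-string rule "==" relies on.
function isMagicHash(string $digest): bool
{
    return is_numeric($digest) && (float) $digest === 0.0;
}

// Return the subset of stored digests that would be bypassable this way.
function findMagicHashes(array $digests): array
{
    return array_values(array_filter($digests, 'isMagicHash'));
}

// Demo with a constructed "user table". Run: php magic_hash.php
$users = [
    'alice' => md5(INPUT_A),                          // magic hash
    'bob'   => md5('correct horse battery staple'),   // ordinary digest
];

foreach ($users as $name => $digest) {
    printf("%-6s stored=%s  loose(%s)=%s  hash_equals(%s)=%s\n",
        $name,
        $digest,
        INPUT_B,
        checkPasswordLoose($digest, INPUT_B) ? 'ACCEPTED' : 'rejected',
        INPUT_B,
        checkPasswordStrict($digest, INPUT_B) ? 'ACCEPTED' : 'rejected');
}

printf("Digests exploitable under ==: %s\n",
    implode(', ', findMagicHashes(array_values($users))));

// The preferred scheme, end to end.
$stored = password_hash(INPUT_A, PASSWORD_DEFAULT);
printf("password_verify(real)=%s  password_verify(attacker)=%s\n",
    checkPasswordModern($stored, INPUT_A) ? 'ok' : 'fail',
    checkPasswordModern($stored, INPUT_B) ? 'ok' : 'fail');
```

Run it with PHP 5.6 or later (hash_equals() and password_hash() both exist from then on). Alice's password is '240610708', yet the loose check accepts 'QNKCDZO' for her account, exactly the pair in the transcript, while hash_equals() rejects it; bob's digest is not affected either way. The audit helper flags only alice's digest. Note that PHP 8's stricter string-to-number comparison changed only comparisons between a number and a non-numeric string: two numeric strings such as these digests are still compared numerically, so the loose check is bypassable on PHP 8 as well.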

References:

https://news.ycombinator.com/item?id=9484757
http://seclists.org/oss-sec/2015/q2/356


Copyright 2017, cxsecurity.com