Type Juggling in PHP
Description
When an operator or comparison is applied to two values of different types, PHP converts one of them to the type of the other before evaluating. Type Juggling vulnerabilities arise when a developer relies on a loose comparison (==) without realising that such an implicit conversion takes place. For example, on PHP 7 and earlier the following expression evaluates to true, because the non-numeric string is converted to the integer 0 before the comparison. PHP 8 changed this rule so that an integer compared with a non-numeric string is compared as a string, which makes the expression false; comparisons against booleans and between numeric strings still juggle on every version.
"password" == 0
Vulnerable Example
Type Juggling vulnerabilities are introduced by using the loose comparison operator (==) where a strict one (===) is needed. The following code, which reads the credentials from a JSON request body, is an example:
$body = json_decode(file_get_contents('php://input'), true);
if($body['password'] == "secret_password") {
...
}
Here, sending the body {"password": 0} makes json_decode() produce the integer 0, and on PHP 7 and earlier the statement evaluates to true. This is because PHP attempts to convert "secret_password" to a number, finds no leading digits, and so treats it as 0, which equals the supplied 0. Note that this requires an input source that delivers a real integer or boolean: with a form-encoded request, $_POST['password'] is always a string, and "0" == "secret_password" is a plain string comparison that is false on every PHP version. On PHP 8 the integer case is also false, but a boolean true still compares equal to any non-empty string, so the same check is bypassed with {"password": true}.
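As an added example (not code from the original page), the following script puts the loose check beside a hardened one and runs both over constructed request bodies. It assumes a JSON endpoint and a hard-coded secret, and it goes slightly beyond the text by including the boolean case, which is not fixed by PHP 8.

```php
<?php
// Added example, not from the original page. The secret is hard-coded only for the demo;
// a real application would load a hash from storage and use password_verify().
const SECRET = "secret_password";

// Vulnerable: loose comparison. A JSON integer 0 reaches == as int(0), and a JSON
// true reaches it as bool(true). int(0) == "secret_password" holds before PHP 8
// (non-numeric string converted to 0); true == "secret_password" holds on every
// version (the string is converted to bool, and a non-empty string is true).
function check_loose($password): bool {
    return $password == SECRET;
}

// Hardened: reject anything that is not a string, then compare in constant time.
// hash_equals() requires two strings, so the is_string() guard also avoids a TypeError.
function check_strict($password): bool {
    if (!is_string($password)) {
        return false;
    }
    return hash_equals(SECRET, $password);
}

// Constructed request bodies for the demo (not captured traffic).
$requests = [
    'form-encoded password=0' => ['password' => '0'],   // $_POST values are always strings
    'JSON {"password": 0}'    => json_decode('{"password": 0}', true),
    'JSON {"password": true}' => json_decode('{"password": true}', true),
    'correct secret'          => ['password' => SECRET],
];

foreach ($requests as $label => $body) {
    printf("%-26s loose=%-5s strict=%s\n",
        $label,
        var_export(check_loose($body['password']), true),
        var_export(check_strict($body['password']), true));
}
```

Run it under PHP 7 and PHP 8 to see the difference: the integer bypass succeeds only on PHP 7, the boolean bypass succeeds on both, and the strict check accepts only the exact secret. Treating the type check as part of input validation, rather than relying on the comparison operator alone, is what closes the boolean case.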
Prevention
Always use strict comparison where possible: === instead of == and !== in place of !=. A strict comparison first checks that both operands have the same type, so no conversion ever takes place. For secrets such as passwords and tokens, compare with hash_equals(), which also requires both arguments to be strings. Note that in_array(), array_search() and switch use loose comparison by default: pass true as the third argument to the array functions, and prefer match (PHP 8) over switch where the case values are untrusted input.
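The comparison operators are not the only place loose comparison happens. As an added example (not code from the original page), the following script shows the same juggling inside in_array() and switch, with the strict alternatives beside them; the role list and inputs are constructed for the demo.

```php
<?php
// Added example, not from the original page. $allowedRoles is a constructed allow-list.
$allowedRoles = ['admin', 'editor'];

// in_array() and array_search() compare with == unless the third argument is true.
// Before PHP 8, int(0) loosely equals any non-numeric string, so 0 passes the check.
// bool(true) loosely equals any non-empty string on every PHP version.
function role_allowed_loose($role): bool {
    global $allowedRoles;
    return in_array($role, $allowedRoles);
}

function role_allowed_strict($role): bool {
    global $allowedRoles;
    return in_array($role, $allowedRoles, true);   // strict: type must match too
}

// switch compares its cases with ==, so true matches the first non-empty string case.
function role_level_loose($role): int {
    switch ($role) {
        case 'admin':  return 2;
        case 'editor': return 1;
        default:       return 0;
    }
}

// match (PHP 8+) compares with ===, so a boolean or integer falls through to default.
function role_level_strict($role): int {
    return match ($role) {
        'admin'  => 2,
        'editor' => 1,
        default  => 0,
    };
}

// Constructed inputs: what a JSON body might deliver, plus a legitimate role.
foreach ([0, true, 'admin', 'guest'] as $input) {
    printf("%-8s allowed: loose=%-5s strict=%-5s  level: loose=%d strict=%d\n",
        var_export($input, true),
        var_export(role_allowed_loose($input), true),
        var_export(role_allowed_strict($input), true),
        role_level_loose($input),
        role_level_strict($input));
}
```

The loose variants grant 'admin' privileges to the boolean true on every PHP version, and to the integer 0 on PHP 7; the strict variants accept only the exact string values in the allow-list.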
References
PHP - Type Juggling
netsparker - Sven Morgenroth - Detailed Explanation of PHP Type Juggling Vulnerabilities