Skip to content

PHP

  • strcmp in php returns the ascii diffecrence of string1 and string2 which means it returns 0 if both strings are equal, thus can be bypassed with a string with ascii value of 0 (the null string) 

    param[]= # empty array (web)
$param="" # raw php

  • Something like 1.2e3 will be interpreted as 1200, even as a string 1.2e3 still returns the same result due to some type juggling

  • trim strips down white space if only $string is provided, meaning if you want to bypass something like this, you can use 89 mind the white space 

    if(isset($_GET["param"])) {
    $str = $_GET["param"];
    if($str == 89 && $str !== '89' && $str !== 89 && strlen(trim($str)) == 2) {
        echo "pwned";
    }
}