TYPicalBoss

Challenge Description

This is the classic PHP type-confusion bug with an SHA1 hash that sometimes gets incorrectly referred to as hash collision. There are many repositories onine with string-hash pairs to use, I picked mine from PayloadsAllTheThings.

Magic Hashes

Magic hashes arise due to a quirk in PHP's type juggling, when comparing string hashes to integers. If a string hash starts with "0e" followed by only numbers, PHP interprets this as scientific notation and the hash is treated as a float in comparison operations.

username: admin
password: 10932435112

when we use those credentials we are redirected to /flag.php that means that we have bypasses the login using magic hashes

if we follow redirection

Flag

ENO{m4ny_th1ng5_c4n_g0_wr0ng_1f_y0u_d0nt_ch3ck_typ35}

PreviousDebugger Next IPfilter

Last updated 2 years ago

Was this helpful?