Decrypt LOL

Type Juggling Vulnerability Exploited in PHP Challenge


🎃 Type Juggling Vulnerability Exploited in Juggling Facts Challenge. The Juggling Facts challenge exposes a type juggling vulnerability in a PHP-based website that presents pumpkin facts. To retrieve the flag from the database, a request has to satisfy two apparently conflicting conditions: the payload must be a JSON object with a field whose value is not a string equal to a specific value, yet that same value must also be treated as a string equal to it. PHP's loose comparison rules resolve the conflict: sending a JSON payload with a boolean value in that field bypasses the restriction and retrieves the flag. The write-up highlights the intricacies of type handling in PHP and how careful manipulation of value types can be exploited.
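The pattern described above, shown next to a hardened form, as an added example that is not the challenge's code or the write-up's. The field name `type`, the values `secrets` and `public`, and the use of `switch` for the loose comparison are assumptions, since the page names none of them.

```php
<?php
// Added example (PHP 8+). Hypothetical names: field "type", values "secrets"/"public".
const PROTECTED_VALUE = 'secrets';

/** Vulnerable shape: strict guard, then a loosely compared dispatch. */
function vulnerableCheck(array $data): string
{
    // Guard: blocks only a value *identical* to the string (same type, same content).
    if ($data['type'] === PROTECTED_VALUE) {
        return 'denied';
    }
    // switch compares with ==, and bool-vs-string comparison casts the string
    // to bool, so true == 'secrets' holds for any non-empty case label.
    switch ($data['type']) {
        case PROTECTED_VALUE:
            return 'protected branch reached';
        default:
            return 'public branch';
    }
}

/** Hardened: reject non-strings first, then compare strictly everywhere. */
function hardenedCheck(array $data): string
{
    $type = $data['type'] ?? null;
    if (!is_string($type)) {
        return 'rejected: type must be a string';
    }
    if ($type === PROTECTED_VALUE) {
        return 'denied';
    }
    return match ($type) {          // match uses ===, unlike switch
        'public' => 'public branch',
        default  => 'rejected: unknown type',
    };
}

// Constructed sample request bodies, not taken from the challenge.
$samples = ['{"type":"public"}', '{"type":"secrets"}', '{"type":true}'];
foreach ($samples as $body) {
    $data = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
    printf("%-20s vulnerable: %-25s hardened: %s\n",
        $body, vulnerableCheck($data), hardenedCheck($data));
}
```

Only the boolean body separates the two functions: it passes the strict guard and matches the loose `case` in `vulnerableCheck`, while `hardenedCheck` rejects it at the type check.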
