1. Mo Tao's Notebook home page
  2. share
  3. Experience benefits

Strcmp() vulnerability

Mo Tao Experience benefits Reading 1499

Let's first look at this function, which is used to Compare Strings Function of

int strcmp ( string $str1 , string $str2 )
The first string of parameter str1. Str2 The second string.
<0 if str1 is less than str2;
If str1 is greater than str2,>0 is returned;
If they are equal, 0 is returned.

Example 1

 <? php echo strcmp("Hello world!","Hello world!"); //  Two strings are equal//0 echo strcmp("Hello world!","Hello"); //  String1 is greater than string2//7 Echo strcmp ("Hello world!", "Hello world! Hello!");//string1 is less than string2//- 7 ?>

Example 2

Compare two strings (case sensitive, the output of Hello and hELLo are different):

 <? php echo strcmp("Hello","Hello"); // zero echo "<br>"; echo strcmp("Hello","hELLo"); //- one ?>

Look at a sample code

 <? php $password="***************" if(isset($_POST['password'])){ if (strcmp($_POST['password'], $password) == 0) { echo "Right!!! login success"; exit(); } else { echo "Wrong password.. "; } ?>

For this code, how can we bypass the verification
As long as $_POST ['password '] is an array or an object

password[]=admin
This allows the above code to bypass the verification successfully.

Original article by Mo Tao, if reproduced, please indicate the source: https://imotao.com/4018.html

fabulous (0)
Head of Mo Tao Mo Tao
zero zero
Previous September 27, 2020
Next September 28, 2020

Related recommendations

Post reply

Your email address will not be disclosed. Required items have been used * tagging

This site uses Akismet to reduce spam comments. Learn how we handle your comment data

home page
Cotton cloud