Everything Is Just Dandy!

PHP Type Juggling – Why === is Important – Sponsored Content

IppSec
2022 03 23
https://www.youtube.com/watch?v=idC5SAsKhlE
Join Intigriti here: https://go.intigriti.com/ippsec

00:00 – Intro
00:54 – Identifying that the application uses Laravel, based on a default cookie name.
01:30 – Jumping into a PHP interpreter to show off the type confusion bug.
03:30 – Trying the same thing in Python, JavaScript, and Ruby, and showing that they aren’t vulnerable in this way.
05:30 – Talking about the importance of the Laravel API Middleware
07:30 – Converting the GET request to have JSON Data
08:40 – Changing the JSON Data to pass a boolean for password
09:50 – Bypassing login with type confusion
10:30 – Sponsor highlight Intigriti
12:48 – End of sponsor highlight
13:30 – Looking at the Laravel code to find the route for the custom login function
14:00 – Showing the vulnerable function