author: nashe <contact@nashe.fr> 2015-08-03 18:51:51 +0200
committer: nashe <contact@nashe.fr> 2015-08-03 18:51:51 +0200
commit: 6ad38c58a45642eb8c7844e2f272ef199f59550d (patch)
tree: 4d315369073a15add85b1428b9777fc8b90a23f6
parent: 07aa4f5484dfefe4d9d5870b31d2e2269583fdd2 (diff)
Avoid type juggling vulnerability.

Password comparison should not be done with the `==` operator, but `===`, due to type juggling.

References:
* http://phpsadness.com/sad/47
* turbochaos.blogspot.fr/2013/08/exploiting-exotic-bugs-php-type-juggling.html

### Test case
* Create an administrator with the password "240610708".
* Try to log in to the dashboard with the password "QNKCDZO" :-)
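The following is an added example, not code from the planet project or from this commit, written to show why the test case in the commit message works against a loose comparison and how the check reads after it is hardened. It assumes (the page does not state this) that `$password` from `pwd.inc.php` and the `auth` cookie both hold md5 hex digests of the plaintext password; the helper names `looseMatch`, `strictMatch` and `safeMatch` are hypothetical.

```php
<?php
// Added example (not the project's code). Demonstrates the loose-comparison
// defect fixed in admin/inc/auth.inc.php and a hardened form of the check.
// Assumption (not stated on the page): the stored $password and the 'auth'
// cookie both contain md5() hex digests of the plaintext password.

// Constructed from the commit's test case. Both digests start with "0e" followed
// only by decimal digits, so PHP treats each as the numeric string 0e... = 0.
$storedDigest = md5('240610708');
$cookieDigest = md5('QNKCDZO');

/**
 * Loose comparison, as the code read before this commit: two numeric strings
 * are compared as numbers, so any pair of "0e<digits>" digests are "equal".
 */
function looseMatch(string $stored, string $given): bool
{
    return $given == $stored;
}

/**
 * Strict comparison, as introduced by this commit: operands must have the same
 * type and identical bytes, so the numeric-string shortcut no longer applies.
 */
function strictMatch(string $stored, string $given): bool
{
    return $given === $stored;
}

/**
 * Hardened form: reject anything that is not a string (a malformed request can
 * deliver a cookie as an array) and compare in constant time with hash_equals(),
 * so the comparison does not stop early on the first differing byte.
 */
function safeMatch(string $stored, $given): bool
{
    if (!is_string($given)) {
        return false;
    }
    return hash_equals($stored, $given);
}

var_dump(looseMatch($storedDigest, $cookieDigest));
var_dump(strictMatch($storedDigest, $cookieDigest));
var_dump(safeMatch($storedDigest, $cookieDigest));
```

Run with `php example.php`: `looseMatch` reports the two unrelated digests as equal, which is the behaviour the commit message's test case relies on, while `strictMatch` and `safeMatch` both reject the forged value. `hash_equals()` (PHP 5.6 and later) is the idiomatic replacement for `===` when one operand is secret, since a strict `===` still short-circuits on the first mismatching byte.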
-rw-r--r--  admin/inc/auth.inc.php  4
1 file changed, 2 insertions, 2 deletions
diff --git a/admin/inc/auth.inc.php b/admin/inc/auth.inc.php
index d21467b..8704737 100644
--- a/admin/inc/auth.inc.php
+++ b/admin/inc/auth.inc.php
@@ -1,11 +1,11 @@
<?php
include (dirname(__FILE__).'/pwd.inc.php');
-if ( isset($_COOKIE['auth']) && $_COOKIE['auth'] == $password ) {
+if ( isset($_COOKIE['auth']) && $_COOKIE['auth'] === $password ) {
//ok, cool
} else {
setcookie('auth','', time()-3600);
header('Location: login.php');
die;
}
-?> \ No newline at end of file
+?>
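Review bot: the `===` on the `+if` line closes the loose-equality hole, but `$_COOKIE['auth'] === $password` still compares an attacker-controlled cookie directly against the secret loaded from `pwd.inc.php`, and a strict string comparison stops at the first differing byte, so the check is not constant-time; consider `is_string($_COOKIE['auth']) && hash_equals($password, $_COOKIE['auth'])`, which also rejects a non-string cookie value instead of relying on `===` to return false for it. Separately, the last two lines only add the missing trailing newline after `?>`; since this file is an include that runs `setcookie()` and `header()`, dropping the closing `?>` altogether is the usual way to avoid any stray whitespace being emitted before those calls.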