From 6ad38c58a45642eb8c7844e2f272ef199f59550d Mon Sep 17 00:00:00 2001
From: nashe
Date: Mon, 3 Aug 2015 18:51:51 +0200
Subject: Avoid type juggling vulnerability.

Password comparison should not be done with the `==` operator, but `===`, due to type juggling.

References:

* http://phpsadness.com/sad/47
* turbochaos.blogspot.fr/2013/08/exploiting-exotic-bugs-php-type-juggling.html

### Test case

* Create an administrator with the password "240610708".
* Try to log in to the dashboard with the password "QNKCDZO" :-)
---
 admin/inc/auth.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'admin')

diff --git a/admin/inc/auth.inc.php b/admin/inc/auth.inc.php index d21467b..8704737 100644 --- a/admin/inc/auth.inc.php +++ b/admin/inc/auth.inc.php @@ -1,11 +1,11 @@ \ No newline at end of file +?>
-- 
cgit v1.2.1
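Review bot: the hunk at `@@ -1,11 +1,11 @@` is rendered here with only the trailing `+?>` and the `\ No newline at end of file` marker, so the `==` to `===` change announced in the subject (and implied by the 2 insertions / 2 deletions diffstat) cannot be verified from this page. What is visible raises a style point of its own: adding a closing `?>` at the end of an include file is something to avoid in PHP, because any whitespace that follows the tag is emitted as output and makes a later `header()` or `session_start()` in the admin pages fail with "headers already sent"; files that contain only PHP should omit the closing tag. On the comparison itself, `===` does stop the numeric coercion that makes the two `0e...` digests from the test case compare equal, but if the stored value is a hash, `hash_equals($stored, md5($supplied))` (PHP 5.6 and later) is the better fix since it is also constant-time, and the submitted value should be checked with `is_string()` first so that an array or null posted as the password never reaches the comparison.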
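The test case in the commit message works because `md5("240610708")` and `md5("QNKCDZO")` are both hex digests of the form `0e<digits>`, which PHP reads as numeric strings equal to zero when compared with `==`. The following is an added example, not code from the commit or from this project: it reproduces that bypass, shows the `===` fix the commit describes, and adds a hardened variant. It assumes (the page does not say so) that the stored password is an `md5()` hex digest compared against `md5()` of the submitted value, and that the form field arrives as a plain string; the function names are illustrative.

```php
<?php
// Added example; not the project's own code. Assumes the stored password
// is an md5() hex digest (not stated on the page) and that the login form
// posts the password as a string.

// Vulnerable: == between two numeric strings compares them as numbers.
// A digest shaped like "0e<digits>" is parsed as 0 * 10^n == 0, so any two
// such digests compare equal regardless of the actual password.
function password_matches_loose($storedHash, $supplied)
{
    return md5($supplied) == $storedHash;
}

// Fix from the commit: === compares type and value, with no numeric coercion.
function password_matches_strict($storedHash, $supplied)
{
    return md5($supplied) === $storedHash;
}

// Hardened variant: reject non-string input first (md5() on an array warns
// and returns null on PHP 5/7 and throws a TypeError on PHP 8), then compare
// in constant time. hash_equals() exists since PHP 5.6.
function password_matches_hardened($storedHash, $supplied)
{
    if (!is_string($storedHash) || !is_string($supplied)) {
        return false;
    }
    return hash_equals($storedHash, md5($supplied));
}

// Audit helper: does this hex digest have the "0e<digits>" shape that == turns
// into zero? Useful for scanning a user table for accounts that are trivially
// bypassable while the loose comparison is still deployed.
function is_zero_e_digest($hex)
{
    return (bool) preg_match('/^0e\d+$/', $hex);
}

// The two passwords from the commit's test case.
$stored  = md5('240610708');   // the administrator's real password
$attempt = 'QNKCDZO';          // the attacker's guess

echo "stored digest is 0e-shaped:  ", var_export(is_zero_e_digest($stored), true), "\n";
echo "attempt digest is 0e-shaped: ", var_export(is_zero_e_digest(md5($attempt)), true), "\n";

echo "loose    (==):           ", var_export(password_matches_loose($stored, $attempt), true), "\n";
echo "strict   (===):          ", var_export(password_matches_strict($stored, $attempt), true), "\n";
echo "hardened (hash_equals):  ", var_export(password_matches_hardened($stored, $attempt), true), "\n";
echo "hardened, real password: ", var_export(password_matches_hardened($stored, '240610708'), true), "\n";
echo "hardened, array input:   ", var_export(password_matches_hardened($stored, array('x')), true), "\n";
```

Run with `php example.php`: the loose check accepts "QNKCDZO" for an account whose password is "240610708", the strict and hardened checks reject it, and the hardened check still accepts the real password while refusing an array posted as `password[]`. The audit helper flags both digests as `0e`-shaped; a `0e` digest on the stored side is enough for the bypass, because the attacker only needs any input whose digest is also `0e`-shaped.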