PHP Type Juggling - Why === is Important - Bug Bounty Tips

Name: PHP Type Juggling - Why === is Important - Bug Bounty Tips
Uploaded: 2022-03-23T13:28:59Z
Channel: IppSec
Description: Join Intigriti here: https://go.intigriti.com/ippsec 00:00 - Intro 00:54 - Enumerating the application utilizes Laravel based upon a default cookie nam...

IppSec · Beginner ·🛡️ AI Safety & Ethics ·4y ago

Join Intigriti here: https://go.intigriti.com/ippsec 00:00 - Intro 00:54 - Enumerating the application utilizes Laravel based upon a default cookie name. 01:30 - Jumping into a PHP Interpreter to show off the Type confusion bug. 03:30 - Trying the same thing in Python, Javascript, Ruby, and showing that they aren't vulnerable in this way. 05:30 - Talking about the importance of the Laravel API Middleware 07:30 - Converting the GET request to have JSON Data 08:40 - Changing the JSON Data to pass a boolean for password 09:50 - Bypassing login with type confusion 10:30 - Sponsor highlight Intig…

Watch on YouTube ↗ (saves to browser)

Chapters (12)

Intro

0:54 Enumerating the application utilizes Laravel based upon a default cookie name.

1:30 Jumping into a PHP Interpreter to show off the Type confusion bug.

3:30 Trying the same thing in Python, Javascript, Ruby, and showing that they aren'

5:30 Talking about the importance of the Laravel API Middleware

7:30 Converting the GET request to have JSON Data

8:40 Changing the JSON Data to pass a boolean for password

9:50 Bypassing login with type confusion

10:30 Sponsor highlight Intigriti

12:48 End of sponsor highlight

13:30 Looking at the Laravel Code to find where the route is for the custom login fu

14:00 Showing the vulnerable function

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →