Parameter Manipulation Attacks

From SecurePHPWiki

Jump to: navigation, search

Because of PHP's weak typing and automatic type conversion, alternative representations of input parameters can foil validation checks (WACT).

<?php empty( '000' ); // returns false

if ( '000' == 0 )

   print( 'true' ); // prints true

?>

A zero string will convert to a numeric 0 (zero) if used in a numeric context.

Retrieved from "http://securephpwiki.com/index.php?title=Parameter_Manipulation_Attacks&oldid=76"

Injection Attacks

Navigation menu