gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 15:49:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix: Fix spelling

Browse Source
This commit is contained in:
its0x08
2022-08-09 11:02:21 +02:00
parent 55c9689487
commit fc1f3b25a7
14 changed files with 174 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Type Juggling/README.md
View File

@@ -61,7 +61,7 @@ If we can make the calculated hash string Zero-like, and provide "0" in the $coo
```
We have control over 3 elements in the cookie:
- $username - username you are targetting, probably "admin"
- $username - username you are targeting, probably "admin"
- $hmac - the provided hash, "0"
- $expiration - a UNIX timestamp, must be in the future
@@ -104,5 +104,5 @@ var_dump(sha1('aaO8zKZF') == sha1('aa3OFF9m'));
## References
* [Writing Exploits For Exotic Bug Classes: PHP Type Juggling By Tyler Borland](http://turbochaos.blogspot.com/2013/08/exploiting-exotic-bugs-php-type-juggling.html)
* [Magic Hashes - WhieHatSec](https://www.whitehatsec.com/blog/magic-hashes/)
* [Magic Hashes - WhiteHatSec](https://www.whitehatsec.com/blog/magic-hashes/)
* [PHP Magic Tricks: Type Juggling](https://owasp.org/www-pdf-archive/PHPMagicTricks-TypeJuggling.pdf)