Task 1: Loose comparison

We have seen in class that loose comparison == of PHP equates (different) values of different types, i.e., values are the same after type juggling.

Comparing integers and strings

When a string is compared with an integer the string is converted into integer. For example:

"0000" == 0  TRUE
"0e12" == 0  TRUE  exponential notation!
"1e12" == 1  FALSE exponential notation!
"1a12" == 1  TRUE  integer is cut to 1
"0abc" == 0  TRUE  integer is cut to 0
"abc"  == 0  TRUE  no digits, converted to 0

Comparing strings that look like integers

When two strings look like integers then PHP convert them into integers. For example:

"0e12" == "0e34"   TRUE exponential notation
"1e12" >= "2"      TRUE exponential notation
"1e12" >= "b"      FALSE lexicographic order ("b" does not look like an integer)
"0e12" == "0"      TRUE exponential notation
 0xF   == "15"     TRUE
"0xF"  == "15"     FALSE since version 7.0! (before, it was true!) 

Loose comparison introduces unpredictable behaviours that might be exploited by an attacker to modify the application control-flow.

Exercise

WeChall is a great, classic resource with a lot of security challenges! Behave correctly and do not post your solutions on the Web

Try to solve the WeChall challenge php0818. The magic number you enter to solve the challenge (lowercase…) is your password for Task 2!

Hint: analyse function noother_says_correct($number). You need to make the loose comparison in the return instruction true!