php type juggling

A bug in PHP
By sending in the password POST data as an array.
Get the POST from Burp and resend with an Array
Webpage will let you in!

username=admin&password=admin   ..original
username=admin&password[]=      ..type juggline

REF: NinevehHTB
https://0xdf.gitlab.io/2020/04/22/htb-nineveh.html

Previousphp NextphpLite

Last updated 1 year ago