Attack! Type Juggling

Type Juggling

This is a demo module, sign up for the course here!

PHP is known for it's loose types and type juggling, and in my opinion, this is one of it's super-powers. However, it can also be a massive weakness if you're not careful with how you handle user input. Although, it is worth pointing out that PHP 8.0 made some significant changes to how PHP handles type juggling, making it much less likely to be exploited in the wild.

In this module, we're going to explore some classic type juggling vulnerabilities, so you can get a feel for how they work in different scenarios and what you need to watch out for in your own apps.

Let's get started!