exploiting-type-juggling-vulnerabilities
Installation
SKILL.md
Exploiting Type Juggling Vulnerabilities
When to Use
- When testing PHP web applications for authentication bypass vulnerabilities
- During assessment of password comparison and hash verification logic
- When testing applications using loose comparison (== instead of ===)
- During code review of PHP applications handling JSON or deserialized input
- When evaluating input validation that relies on type-dependent comparison
Prerequisites
- Understanding of PHP type system and loose comparison behavior
- Knowledge of magic hash values (0e prefix) and their scientific notation interpretation
- Burp Suite for request manipulation and parameter type changing
- PHP development environment for testing payloads locally
- Collection of magic hash strings from PayloadsAllTheThings
- Ability to send JSON or serialized data to control input types
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.