PHP 5.3: `if (strcmp($passwd, $_POST["passwd"]) == 0) { login(); }` is broken (danuxx.blogspot.com) 2 points by danielweber 13y ago ↗ HN
[–] danielweber 13y ago ↗ It's not the correct way to compare passwords anyway, since people can do timing attacks on any kind of direct string compare.But this was a really clever exploit this guy found. Not too major, since only C programmers would use strcmp().
1 comment
[ 3.0 ms ] story [ 17.4 ms ] threadBut this was a really clever exploit this guy found. Not too major, since only C programmers would use strcmp().