SQL injection - Generic Bypass (Space)

2025-07-26 22:54:45 +02:00
parent ac73b0c619
commit 7faf14a960
3 changed files with 36 additions and 27 deletions
--- a/Juggling/README.md
+++ b/Juggling/README.md
@@ -27,14 +27,14 @@
 | `'0010e2'   == '1e3'`             | true |
 | `'0xABCdef' == ' 0xABCdef'`       | true (PHP 5.0) / false (PHP 7.0) |
 | `'0xABCdef' == '     0xABCdef'`   | true (PHP 5.0) / false (PHP 7.0) |
-| `'0x01'     == 1`             | true (PHP 5.0) / false (PHP 7.0) |
+| `'0x01'     == 1`                 | true (PHP 5.0) / false (PHP 7.0) |
 | `'0x1234Ab' == '1193131'`         | true (PHP 5.0) / false (PHP 7.0) |
 | `'123'  == 123`                   | true |
 | `'123a' == 123`                   | true |
 | `'abc'  == 0`                     | true |
 | `'' == 0 == false == NULL`        | true |
 | `'' == 0`                         | true |
-| `0  == false`                    | true |
+| `0  == false`                     | true |
 | `false == NULL`                   | true |
 | `NULL == ''`                      | true |

@@ -65,7 +65,7 @@ Loose Type comparisons occurs in many languages:
 > Magic hashes arise due to a quirk in PHP's type juggling, when comparing string hashes to integers. If a string hash starts with "0e" followed by only numbers, PHP interprets this as scientific notation and the hash is treated as a float in comparison operations.

 | Hash | "Magic" Number / String    | Magic Hash                                    | Found By / Description      |
-| ---- | -------------------------- |:---------------------------------------------:| -------------:|
+| ---- | -------------------------- | --------------------------------------------- | -------------|
 | MD4  | gH0nAdHk                   | 0e096229559581069251163783434175              | [@spaze](https://github.com/spaze/hashes/blob/master/md4.md) |
 | MD4  | IiF+hTai                   | 00e90130237707355082822449868597              | [@spaze](https://github.com/spaze/hashes/blob/master/md4.md) |
 | MD5  | 240610708                  | 0e462097431906509019562988736854              | [@spazef0rze](https://twitter.com/spazef0rze/status/439352552443084800) |
@@ -73,7 +73,10 @@ Loose Type comparisons occurs in many languages:
 | MD5  | 0e1137126905               | 0e291659922323405260514745084877              | [@spazef0rze](https://twitter.com/spazef0rze/status/439352552443084800) |
 | MD5  | 0e215962017                | 0e291242476940776845150308577824              | [@spazef0rze](https://twitter.com/spazef0rze/status/439352552443084800) |
 | MD5  | 129581926211651571912466741651878684928                | 06da5430449f8f6f23dfc1276f722738              | Raw: ?T0D??o#??'or'8.N=? |
-| SHA1 | 10932435112                | 0e07766915004133176347055865026311692244      | Independently found by Michael A. Cleverly & Michele Spagnuolo & Rogdham |
+
+| Hash | "Magic" Number / String    | Magic Hash                                    | Found By / Description      |
+| ---- | -------------------------- | --------------------------------------------- | -------------|
+| SHA1 | 10932435112                | 0e07766915004133176347055865026311692244      | Michael A. Cleverly, Michele Spagnuolo & Rogdham |
 | SHA-224 | 10885164793773          | 0e281250946775200129471613219196999537878926740638594636 | [@TihanyiNorbert](https://twitter.com/TihanyiNorbert/status/1138075224010833921) |
 | SHA-256 | 34250003024812          | 0e46289032038065916139621039085883773413820991920706299695051332 | [@TihanyiNorbert](https://twitter.com/TihanyiNorbert/status/1148586399207178241) |
 | SHA-256 | TyNOQHUS                | 0e66298694359207596086558843543959518835691168370379069085300385 | [@Chick3nman512](https://twitter.com/Chick3nman512/status/1150137800324526083) |