PHP
dvachek, 2017-11-19 11:50:44

How to cheat the checking script?

1. There is a script:

<?php
$val = $_POST['val'];   // untrusted request input, arrives as a string
$balance = 0;

function test($val, $balance){
    // Must look like digits, optionally followed by a dot and more digits;
    // then a loose comparison against 0 (the string is coerced to a number).
    if(!preg_match("/^\d+(\.\d+)?$/i",$val) || $val<=0){
        return false;
    }
    // The same loose, coerced comparison against the balance.
    if($val>$balance){
        return false;
    }
    return true;
}

var_dump(test($val, $balance));

2. What value should be passed in $_POST['val'] to trick the script into returning true?


4 answer(s)
Pavel Kornilov, 2017-11-19
@KorniloFF

|| $val<=0
This is a comparison without type checking. That is, "FFF" will also pass the test.

morricone85, 2017-11-19
@morricone85

if (!is_numeric($val) OR (is_numeric($val) AND --condition--))
    return false;
else
    return true;

Lazy @BojackHorseman PHP, 2017-11-19

We will assume that the locale does not change and the decimal separator is always a dot.
The regular expression cuts off all strings except those containing a positive decimal fraction with "." as the separator, and strings consisting entirely of zeros. Such strings are converted to numbers without any consequences for the subsequent comparisons with integer zero; no miracle will happen there either.
The only way is to exceed float precision in the string.
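
The coercion this answer relies on, shown as an added example that is not part of the question or of any answer on this page. It feeds strings that the posted regex accepts into PHP's string-to-number conversion, runs them through the check as posted, and then through a hardened variant that compares decimal strings with bccomp instead of coerced floats. Assumptions: PHP 7.4 or later with the bcmath extension, and a balance of 1000 (as in the race-condition answer below) rather than the question's 0, since with a balance of 0 no coerced float can satisfy both "> 0" and "<= 0" at once. The sample inputs are constructed for the demonstration.

```php
<?php
// Added example, not code from the original question or its answers.
// Assumes PHP >= 7.4 with bcmath; balances travel as decimal strings ("1000.00").

declare(strict_types=1);

// The check exactly as posted in the question.
function test_original($val, $balance): bool {
    if (!preg_match("/^\d+(\.\d+)?$/i", $val) || $val <= 0) {
        return false;
    }
    if ($val > $balance) {
        return false;
    }
    return true;
}

// Hardened variant: \A..\z anchors (PCRE's $ also matches before a trailing
// newline), a fixed number of digits so nothing is lost to float rounding,
// and bccomp so the amount and the balance are compared as decimal strings.
function test_hardened(string $val, string $balance): bool {
    if (!preg_match('/\A\d{1,12}(\.\d{1,2})?\z/', $val)) {
        return false;   // not a plain decimal with at most two fraction digits
    }
    if (bccomp($val, '0', 2) <= 0) {
        return false;   // zero, including "0.00"
    }
    if (bccomp($val, $balance, 2) > 0) {
        return false;   // exceeds the balance, compared digit by digit
    }
    return true;
}

// Constructed inputs: what the posted regex accepts, and one it rejects.
$samples = [
    'FFF',                               // rejected by the regex, never reaches the comparison
    '0',                                 // all zeros
    '0.000',                             // all zeros with a fraction
    '0.' . str_repeat('0', 400) . '1',   // positive on paper, underflows to 0.0 as a float
    str_repeat('9', 400),                // overflows to INF as a float
    '1000.' . str_repeat('0', 20) . '1', // above the balance, but rounds to 1000.0 as a float
];

foreach ($samples as $s) {
    $label = strlen($s) > 12 ? substr($s, 0, 9) . '...' : $s;
    printf("%-12s float=%-8s original=%-5s hardened=%s\n",
        $label,
        var_export((float) $s, true),
        var_export(test_original($s, 1000), true),
        var_export(test_hardened($s, '1000.00', ), true));
}
```

Only the last sample passes the posted check: 1000 followed by a fraction a double cannot hold compares equal to the balance after coercion, which is the "exceed float precision" case. The hardened variant rejects extra fraction digits rather than rounding them, because rounding is exactly where the check and the ledger could start to disagree.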

redya69, 2017-12-08
@redya69

I think the problem here is a race condition. For example, with a balance of 1000 rubles, the user fires two requests to withdraw those 1000 rubles at the same time; both scripts check the balance for sufficient funds at roughly the same moment and then calmly debit 1000 rubles each, two times (or three, if you're lucky).
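
The interleaving described in this answer, as an added example that is not code from the answer or from the original question. It runs the check-then-debit sequence with both "requests" reading the balance before either writes, and then shows a withdrawal whose "balance >= amount" condition is enforced by the database in the same statement that debits the row. Assumptions: PHP 7.4 or later with pdo_sqlite, an in-memory SQLite database constructed for the demonstration, and balances stored as integer kopecks so no float comparison is involved.

```php
<?php
// Added example, not code from the original question or its answers.
// Assumes PHP >= 7.4 with pdo_sqlite; balances kept as integer kopecks.

declare(strict_types=1);

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)');
    $db->exec('INSERT INTO accounts (id, balance) VALUES (1, 100000)'); // 1000.00 rubles
    return $db;
}

function current_balance(PDO $db, int $id): int {
    $stmt = $db->prepare('SELECT balance FROM accounts WHERE id = ?');
    $stmt->execute([$id]);
    return (int) $stmt->fetchColumn();
}

// The racy pattern: SELECT, compare in PHP, then UPDATE. The two "requests"
// are stepped by hand so that both reads happen before either write, which is
// the window two parallel HTTP requests can land in.
function simulate_race(PDO $db, int $id, int $amount): int {
    $seen = [];
    foreach ([1, 2] as $request) {
        $seen[$request] = current_balance($db, $id);   // both requests see 100000
    }
    $debit = $db->prepare('UPDATE accounts SET balance = balance - ? WHERE id = ?');
    foreach ($seen as $balance) {
        if ($amount > 0 && $amount <= $balance) {      // both pass the check
            $debit->execute([$amount, $id]);           // both debits land
        }
    }
    return current_balance($db, $id);                  // -100000 after two 1000-ruble withdrawals
}

// The fix: put the condition into the UPDATE itself. The database serialises
// the two writes (row lock in InnoDB/PostgreSQL, the write lock in SQLite), so
// the second one evaluates balance >= amount against the already-debited row
// and affects nothing.
function withdraw_atomic(PDO $db, int $id, int $amount): bool {
    if ($amount <= 0) {
        return false;
    }
    $stmt = $db->prepare(
        'UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?'
    );
    $stmt->execute([$amount, $id, $amount]);
    return $stmt->rowCount() === 1;   // 0 rows affected: insufficient funds, nothing debited
}

$db = make_db();
printf("racy interleaving leaves balance = %d\n", simulate_race($db, 1, 100000));

$db = make_db();
$first  = withdraw_atomic($db, 1, 100000);
$second = withdraw_atomic($db, 1, 100000);
printf("atomic: first=%s second=%s balance=%d\n",
    var_export($first, true), var_export($second, true), current_balance($db, 1));
```

The racy run ends at -100000; the atomic run returns true for the first withdrawal, false for the second, and leaves the balance at 0. The equivalent where the application needs the old balance in hand is SELECT ... FOR UPDATE inside a transaction, but the conditional UPDATE needs no transaction bookkeeping and cannot be forgotten on one code path.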
