Tags: web 


- code

<h1>I just don't think we're compatible</h1>

<form method="POST">
<input type="password" name="password">
<input type="submit">

from the challenge title and the line `if (strcasecmp($password, $FLAG) == 0)`

we can see that this is a case of type juggling or loose comparison

the function `strcasecmp()` does case insensitive string comparison and returns 0 when the two strings are equal

we can get the function to return 0 if we pass one side of the comparison (the one we control) as an empty array

## How?

modify the password parameter in the POST request in burp from `password=` to `password[]=`

and it spits out flag



# Resources

[PHP Tricks (SPA)](https://book.hacktricks.xyz/pentesting/pentesting-web/php-tricks-esp#strcmp-strcasecmp)

Original writeup (https://earthy-saguaro-61f.notion.site/Just-Not-My-Type-d4aa2fec63744a618ac0cf5e50efd6f2).