PHP magic hashes
Magic-hash strings that evaluate as loose-equal in PHP type juggling, used to bypass weak == hash comparisons.
- Size
- 47.6 KB
- Category
- Fuzzing
- Source
- danielmiessler/SecLists
- License
- MIT
- Recommended tools
- burpsuiteffufcustom-scripts
Preview
First 15 entries. Download or copy the full list (47.6 KB) using the buttons above.
0e805102 00e03591 0e680808 0e859873 0e300614 0e796936 0e626693 0e402980 0e696336 0e338008 00e00099 0e875518 0e074025 0e616557 0e561856
Magic-hash strings that evaluate as loose-equal in PHP type juggling, used to bypass weak == hash comparisons.
This list is geared toward input fuzzing and vulnerability discovery. It contains roughly 47.6 KB and pairs well with tools such as burpsuite, ffuf, custom-scripts. Pick the smallest list that fits your engagement: shorter lists are faster and quieter for online attacks, while larger lists give broader coverage for offline work where speed is less of a constraint.
You can copy the sample preview straight from this page, copy the entire list to
your clipboard, or download the raw .txt file. The full list is served directly
from its upstream source on GitHub.
Sourced from danielmiessler/SecLists and distributed under MIT. Only use wordlists against systems you are explicitly authorized to test.