PHP Srand Time Abusing
If the website uses “srand(time())” to generate random strings in PHP, we can get the non-random strings by manipulating the attribute of the “srand()” function.
Investigation
function generate_random_number() {
srand(time());
// Some code for generating random number...
return random_numbers;
}
For example, assume website uses the above function that generates random numbers or strings to be used for authentications such as activation code, multi-factor security code.
In such cases, we can replace the “time()” function with the “strtotime()” to make the result to be non-random.
Exploitation
1. Send Request
First off, send the request for executing the desired function e.g. “generate_random_number” that uses “srand(time())”.
See the HTTP response header.
We can get the time such as “08:31:35” so copy this.
2. Generate Non-Random Result
We can insert the above Date time as the attribute of “strtotime()” function as follow.
function generate_random_number() {
srand(strtotime("08:31:35"));
// Some code for generating random number...
echo random_numbers;
}
Now execute the above function in PHP playground.
We can get the same result no matter how many times we run it.