What is 'YTowOnt9'?

Sherlock · Apr 22, 2014 · Viewed 15.8k times

Our (PHP) framework sometimes renders hidden inputs with value YTowOnt9. I can't find that string anywhere in the (huge) codebase, and can't figure out where it came from. I decided to Google for that particular string, and the result surprised me. Over half a million - kind of random - hits. I haven't found any page describing the value itself. It has 0 hits on Stack Overflow.

Is YTowOnt9 some kind of magic string?

Answer

kojiro · Apr 22, 2014

It seems to be a PHP-serialized empty array, base 64 encoded.

$ base64 -D <<< 'YTowOnt9'
a:0:{}
$ php -r 'var_dump(unserialize(base64_decode("YTowOnt9")));'
array(0) {
}

There are many scripts that serialize arrays of data. When the arrays have data, they vary greatly, so the Base64 encoded PHP-serialized values do too, but when they are empty they are all the same. It makes it look as if a lot of very different PHP scripts have this random string in common.
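
The same check as a small triage helper, added here as an example; it is not part of the answer above or of the framework in the question. It assumes PHP 7.0+ for the `allowed_classes` option, and `describeSerializedField()` and the sample values are constructed for illustration. Because a hidden input's value comes back from the browser, the helper decodes it without letting it instantiate any class.

```php
<?php
declare(strict_types=1);

// Added example: classify a form value that may be Base64-encoded,
// PHP-serialized data. describeSerializedField() is a hypothetical helper.
function describeSerializedField(string $value): string
{
    // Strict mode fails on characters outside the Base64 alphabet.
    $raw = base64_decode($value, true);
    if ($raw === false || $raw === '') {
        return 'not Base64';
    }

    // The value is client-controlled, so objects must never be instantiated.
    $data = @unserialize($raw, ['allowed_classes' => false]);

    // unserialize() returns false on failure; "b:0;" is the only valid
    // input that also produces false, so it is checked separately.
    if ($data === false && $raw !== 'b:0;') {
        return 'Base64, but not PHP-serialized';
    }

    if (is_array($data)) {
        return sprintf('serialized array, %d element(s): %s', count($data), $raw);
    }
    return sprintf('serialized %s: %s', gettype($data), $raw);
}

// Every empty array serializes to "a:0:{}", so every script that
// Base64-encodes one emits the same eight characters.
var_dump(base64_encode(serialize([])) === 'YTowOnt9');

// Constructed sample values, as they might appear in hidden inputs.
$samples = [
    'YTowOnt9',
    base64_encode(serialize(['page' => 2])),
    base64_encode(serialize(['sort' => 'name', 'dir' => 'asc'])),
    base64_encode('plain text'),
    'not-base64!',
];

foreach ($samples as $sample) {
    printf("%-64s %s\n", $sample, describeSerializedField($sample));
}
```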