Recent Security Hole in PHP Leaves Websites Open To Attack

If you are running a popular website on PHP its time you hit that big red Panic Button. It’s time to bring forward your schedule database backup else you may loose everything, literary everything ( How is that for being dramatic). Two separate flaws in the PHP scripting language found in a large majority of Web sites have been seen being exploited in the wild by attackers.

The first vulnerability, which was privately disclosed to the PHP Group in January, could allow attackers to steal source code or insert malware. The exploit works by modifying how PHP setups parse query string parameters from PHP files in a Common Gateway Interface (CGI) configuration. The hole makes it possible to interpret URL query strings that contain the “-” character as a command line switch. Hackers can use that flaw to access the source code or run a specially crafted remote code execution attack.

The attacks currently are active. Security firm Trustwave SpiderLabs reported yesterday seeing the PHP attack being exploited via its honeypot, which is set to monitor Web attacks. According to the PHP Group, organizations can easily check to see if their Web site is vulnerable to attack.

“If you are using Apache mod_cgi to run PHP you may be vulnerable,” wrote the PHP Group in a message on its Web site. “To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not.”

While the vulnerability was privately disclosed to the PHP Group, the issue became public when the flaw was accidently leaked online. In response to the information leak, the PHP Group released PHP 5.3.12 and PHP 5.4.2 as emergency fixes. However, shortly after release, it was discovered that the updates could be easily bypassed.

Source Credit:




Comments are closed.