ID: IRCNE2013091957
Date: 2013-09-14
According to ITPro, hackers are attempting to exploit flaws in PHP code that is used by most major websites, security researchers say.
IT security firm Imperva claims to have detected a campaign in which attackers exploit weaknesses in the handling of PHP SuperGlobal variables to launch a wave of automated attacks, which the company says could affect 80 per cent of the world's websites.
The company's Hacker Intelligence Initiative report details why PHP SuperGlobals are a prime target that yields a high return on investment for attackers.
The first vulnerability lets an attacker craft a malicious query string that overrides values held in the $_SESSION SuperGlobal. The second lies in the PHP serialisation mechanism, which flattens complex structured objects, such as session data, into a text form and rebuilds them from it; when the text being rebuilt is attacker-controlled, the attacker decides which object is created and with what contents.
Chained together, the two flaws allow an attacker to execute arbitrary code on a server running phpMyAdmin: the first injects an attacker-chosen value into the session, and the second turns that value into a maliciously crafted PMA_config object inside the serialised session. The result is full control of the server.
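As an added illustration (not code from phpMyAdmin, Imperva or ITPro), the following generic PHP shows the two patterns the article describes, each beside a hardened form: copying request parameters into $_SESSION without an allow-list, and rebuilding session state with unserialize() on data the attacker can shape. The function names, the stand-in PMA_config_example class and the payload string are constructed for this example and do not reproduce the phpMyAdmin code or the exploit.

```php
<?php
// Added illustration; not code from phpMyAdmin, Imperva or ITPro.
// Function names, the PMA_config_example class and the payload are constructed.

// Pattern 1: request parameters copied into the session without an allow-list.
// A crafted query string can then set or override any $_SESSION key.
function vulnerable_session_update(array $request, array &$session): void
{
    foreach ($request as $key => $value) {      // attacker controls key and value
        $session[$key] = $value;
    }
}

// Hardened form: only known keys, each checked against an expected type.
function hardened_session_update(array $request, array &$session): void
{
    $allowed = ['lang' => 'is_string', 'page_size' => 'is_numeric'];
    foreach ($allowed as $key => $check) {
        if (isset($request[$key]) && $check($request[$key])) {
            $session[$key] = $request[$key];
        }
    }
}

// Pattern 2: unserialize() instantiates whatever class name the string names,
// so a class with magic methods (__wakeup, __destruct, __toString) ends up
// running with attacker-shaped properties.
class PMA_config_example                       // stand-in, not phpMyAdmin's PMA_Config
{
    public $source = '/etc/phpmyadmin/config.inc.php';

    public function __wakeup()
    {
        // A real object might include() or write to $this->source here;
        // this stand-in only reports that attacker-chosen data reached it.
        echo "__wakeup ran with source={$this->source}\n";
    }
}

function vulnerable_restore(string $blob)
{
    return unserialize($blob);                 // any class may be instantiated
}

function hardened_restore(string $blob)
{
    // allowed_classes => false (PHP 7.0+) refuses all objects: they come back
    // as __PHP_Incomplete_Class and no magic method runs.
    return unserialize($blob, ['allowed_classes' => false]);
}

// Constructed attacker payload in PHP's serialisation grammar:
// O:<name length>:"<class>":<property count>:{s:<len>:"<prop>";s:<len>:"<value>";}
$payload = 'O:18:"PMA_config_example":1:{s:6:"source";s:13:"/tmp/evil.php";}';

// --- Demonstration ---
$session = ['user' => 'alice', 'is_admin' => false];
vulnerable_session_update(['is_admin' => '1', 'lang' => 'en'], $session);
var_dump($session['is_admin']);                // privilege flag overridden by the request

$session = ['user' => 'alice', 'is_admin' => false];
hardened_session_update(['is_admin' => '1', 'lang' => 'en'], $session);
var_dump($session['is_admin']);                // unknown key ignored, flag unchanged

$obj = vulnerable_restore($payload);           // __wakeup echoes the injected path
$safe = hardened_restore($payload);
var_dump(get_class($safe));                    // incomplete class, no magic method ran
```

The two halves map onto the chain the article describes: the first pattern is how an attacker-chosen value reaches the session at all, and the second is how that value becomes an object with attacker-chosen properties when the session is rebuilt. Note that PHP's own session handler decodes session data the same way, so the hardened `allowed_classes` option only helps where the application calls unserialize() itself; session contents still need to be trusted at the point they are written.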
"Because compromised hosts can be used as botnet slaves to attack other servers, exploits against PHP applications can affect the general security and health of the entire web," said Amichai Shulman, CTO at Imperva.
"The effects of these attacks can be great as the PHP platform is by far the most popular web application development platform, powering more than 80 per cent of all websites, including Facebook and Wikipedia. Clearly, it is time for the security community to devote more attention to this issue."