This Vulnerability In PHP 7 Can Be Used To Hijack Web Servers

Aadhya Khatri - Oct 29, 2019



PHP is the programming language that most of the Internet is built on, and researchers have recently found that it has a huge vulnerability.

PHP is the programming language that most of the Internet is built on. It underpins commonly used content management systems such as Drupal and WordPress, as well as web apps like Facebook. So it may freak out a lot of people when a security flaw is found in PHP.


A few days ago, a Russia-based security researcher named Emil ‘Neex’ Lerner revealed a remote code execution flaw in the latest iteration of PHP. By exploiting this vulnerability with a crafted URL, a bad actor can make a web server execute arbitrary code to examine, navigate, and delete files, and even destroy data. All they have to do is append “?a=” to the address of the website, together with their payload.

This kind of attack lowers the barrier to compromising a website to the point that even an unskilled individual can exploit it.

Luckily, the flaw affects only servers that use the NGINX web server equipped with the PHP-FPM extension. The extension offers added functions for websites with high traffic.

PHP 7 is commonly used in commerce websites. NextCloud, a provider of productivity software that itself uses PHP 7 with PHP-FPM and NGINX, has been urging its clients to update their PHP installation to the latest version available.

Website owners who are unable to update their PHP installation can mitigate the impact by setting a rule for the mod_security firewall. Instructions for doing so are available on Wallarm's website.

This vulnerability has everything it needs to cause a catastrophe. The flaw makes it easy for attackers to target websites and can affect several environments. Although workarounds and patches already exist, not everyone is aware of the risk or takes proper precautions. Two years after the Heartbleed OpenSSL vulnerability was revealed, more than 200,000 servers were still at risk.

More importantly, there is evidence suggesting that some hackers have already attempted to exploit this flaw. BadPackets, an intel firm, said that bad actors have already taken control of servers with this vulnerability.
