
Thursday, 12 September 2013

Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers


Hackers are focusing on vulnerabilities in the PHP web application development platform, threatening 80% of the world's websites, including many big websites such as Facebook and Wikipedia. PHP has several predefined variables called SuperGlobals, e.g. POST, GET, COOKIES, FILES, etc.


Imperva has released a Hacker Intelligence Initiative report that is particularly concerned with two vulnerabilities that can be used to execute code on servers that run PHP and fail to stop PHP SuperGlobal parameter variables from being modified by external sources.
  • CVE-2011-2505 describes a vulnerability in the authentication feature of PhpMyAdmin (PMA) that enables attackers to modify the _SESSION SuperGlobal variable.
  • CVE-2010-3065 describes a problem in PHP's session serialization mechanism. By injecting a malicious value into an internal variable using PHP's SuperGlobal mechanism, the attacker is able to change the application flow and execute arbitrary commands to take control of the server.
“Because compromised hosts can be used as botnet slaves to attack other servers, exploits against PHP applications can affect the general security and health of the entire web,”

The vulnerability is particularly dangerous because PHP is so commonly used, and it could be used by hackers for a variety of purposes. "The effects of these attacks can be great, as the PHP platform is by far the most popular Web application development platform, powering more than 80% of all Web sites, including Facebook and Wikipedia. Clearly, it is time for the security community to devote more attention to this issue."

They note that PHP applications do not protect against the modification of variables from external sources, such as query parameters or cookies.
The attacker can combine the two separate vulnerabilities to extend the scope of the flaws. “Based on the captured malicious traffic, we were able to trace its origin and find the specific exploit code used to generate it in a hacker forum on the web.”

Imperva's research team noted an average of 144 attacks per application that contained attack vectors related to SuperGlobal parameters, for the purpose of remote code execution, remote file inclusion and security filter evasion attacks.
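
A defensive check for the traffic pattern described above, as an added example that is not code from Imperva's report or from this post: it flags query, body and cookie parameters whose names address a PHP SuperGlobal. The function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Names of PHP's predefined SuperGlobal arrays (case-sensitive in PHP).
SUPERGLOBALS = {"GLOBALS", "_GET", "_POST", "_COOKIE", "_FILES",
                "_SERVER", "_ENV", "_REQUEST", "_SESSION"}

def base_name(param):
    """Normalise an incoming parameter name to the variable PHP would populate."""
    name = unquote(param).lstrip()          # leading whitespace is ignored
    base = name.split("[", 1)[0]            # "a[b][c]" addresses array "a"
    # PHP documents that dots and spaces in incoming names become underscores.
    return base.replace(".", "_").replace(" ", "_")

def inspect_request(url, cookie_header="", body=""):
    """Return the parameter names in a request that target a SuperGlobal."""
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    names += [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    for part in cookie_header.split(";"):
        if "=" in part:
            names.append(part.split("=", 1)[0].strip())
    return [n for n in names if base_name(n) in SUPERGLOBALS]

# Constructed sample traffic: (URL, Cookie header, urlencoded body).
SAMPLE_REQUESTS = [
    ("/index.php?page=2&lang=en", "PHPSESSID=abc123", ""),
    ("/index.php?_SESSION%5Bk%5D=v", "", ""),
    ("/form.php", "theme=dark; _COOKIE[x]=1", "name=bob&GLOBALS[y]=1"),
]

if __name__ == "__main__":
    for url, cookies, body in SAMPLE_REQUESTS:
        hits = inspect_request(url, cookies, body)
        print("BLOCK" if hits else "ok   ", url, hits)
```

Legitimate applications have no reason to accept parameters with these names, so a match can be rejected outright at the edge or logged for review.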
