Hackers are using a bug in PHP7 to remotely hijack web servers

Hackers are using a bug in PHP7 to remotely hijack web servers 1

The PHP programming language underpins much of the Internet. It forms the basis of popular content management systems like WordPress and Drupal, as well as more sophisticated web applications, like Facebook (kinda). Therefore, it’s a huge deal whenever researchers identify a security vulnerability within it.

A couple of days ago, Emil ‘Neex’ Lerner, a Russia-based security researcher, disclosed a remote-code execution vulnerability in PHP 7 – the latest iteration of the hugely popular web development language.

With this vulnerability, which has the CVE-ID of 2019-11043, an attacker could force a remote web server to execute their own arbitrary code simply by accessing a crafted URL. The attacker only needs to add “?a=” to the website address, followed by their payload.

As pointed out by Catalin Cimpanu in ZDNet, this attack drastically lowers the barrier to entry for hacking a website, simplifying it to the point where even a non-technical user could abuse it.

Fortunately, the vulnerability only impacts servers using the NGINX web server with the PHP-FPM extension. PHP-FPM is a souped-up version of FastCGI, with a few extra features designed for high-traffic websites.

While neither of those components are necessary to use PHP 7, they remain stubbornly common, particularly in commercial environments. Cimpanu points out that NextCloud, a large productivity software provider, uses PHP7 with NGINX and PHP-FPM. It’s since released a security advisory to clients urging them to update warning them of the issue and imploring them to update their PHP install to the latest version.

Site owners who are unable to update their PHP install can mitigate the problem by setting a rule within the standard PHP mod_security firewall. Instructions on how to do this can be found on the website of appsec startup Wallarm.

This vulnerability has all the hallmarks of a security perfect storm. Not only are multiple environments at risk, but it’s also trivially simple for an attacker to exploit the vulnerability. And while patches and workarounds currently exist, as we’ve witnessed previously, not everyone is particularly proactive with their security. Two-and-a-half years after the well-publicized Heartbleed OpenSSL bug was disclosed, over 200,000 servers remained vulnerable.

And there’s evidence to suggest that hackers are already exploiting this critical PHP issue. Threat intel firm BadPackets has already confirmed to ZDNet that bad actors are already using this vulnerability to commandeer servers.

Things are going to get worse before they get better.

Nasty PHP7 remote code execution bug exploited in the wild on ZDNet

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 62,678.00
ethereum
Ethereum (ETH) $ 4,078.63
binance-coin
Binance Coin (BNB) $ 473.49
tether
Tether (USDT) $ 0.999666
cardano
Cardano (ADA) $ 2.16
solana
Solana (SOL) $ 184.97
xrp
XRP (XRP) $ 1.10
polkadot
Polkadot (DOT) $ 42.75
usd-coin
USD Coin (USDC) $ 0.999583
dogecoin
Dogecoin (DOGE) $ 0.24391
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 62,678.00
ethereumEthereum (ETH)
$ 4,078.63
tetherTether (USDT)
$ 0.999666
bitcoin-cashBitcoin Cash (BCH)
$ 626.62
litecoinLitecoin (LTC)
$ 197.77
bitcoinBitcoin (BTC)
53.904,96
ethereumEthereum (ETH)
3.507,74
tetherTether (USDT)
0,859743
bitcoin-cashBitcoin Cash (BCH)
538,91
litecoinLitecoin (LTC)
170,09
bitcoinBitcoin (BTC)
45,484.48
ethereumEthereum (ETH)
2,959.80
tetherTether (USDT)
0.725443
bitcoin-cashBitcoin Cash (BCH)
454.73
litecoinLitecoin (LTC)
143.52

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021

Blockchain/Cryptocurrency Questions and Answers

ICo Presale
The Science Behind ICO Presales…
October 14, 2021
Beginner’s Guide to Investing in Cryptocurrency
August 9, 2021
Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin62,978 0.15 % 4.94 % 9.55 %
Ethereum4,107.2 0.68 % 0.35 % 13.91 %
Binance Coin475.04 0.07 % 5.62 % 1.16 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Cardano2.160 0.36 % 1.32 % 1.31 %
Solana185.95 0.93 % 6.98 % 25.31 %
XRP1.100 0.32 % 3.76 % 2.45 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
USD Coin1.000 0.14 % 0.20 % 0.17 %
Dogecoin0.2452 0.38 % 4.36 % 5.36 %

bitcoin
Bitcoin (BTC) $ 62,678.00
ethereum
Ethereum (ETH) $ 4,078.63
binance-coin
Binance Coin (BNB) $ 473.49
tether
Tether (USDT) $ 0.999666
cardano
Cardano (ADA) $ 2.16
solana
Solana (SOL) $ 184.97
xrp
XRP (XRP) $ 1.10
polkadot
Polkadot (DOT) $ 42.75
usd-coin
USD Coin (USDC) $ 0.999583
dogecoin
Dogecoin (DOGE) $ 0.24391