PHP Security Alerts

Web programming qustions, like PHP, ASP, ASP .NET, Perl etc. belong in this section.
Post Reply
Accrete
Administrator
Posts: 1265
Joined: Fri Nov 08, 2019 12:44 am
Latest blog post: Have You Read the Webmaster Guidelines Yourself?
Answers: 1
Reputation: 767
Location: Canada
Has thanked: 22 times
Been thanked: 108 times
Contact:

PHP Security Alerts

Post by Accrete »

Thought we should have a thread for PHP security issues people come across.

If you see a PHP security issue post it here (with resolution if possible).


Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.
Advertisement
Advertisement
Accrete
Administrator
Posts: 1265
Joined: Fri Nov 08, 2019 12:44 am
Latest blog post: Have You Read the Webmaster Guidelines Yourself?
Answers: 1
Reputation: 767
Location: Canada
Has thanked: 22 times
Been thanked: 108 times
Contact:

Re: PHP Security Alerts

Post by Accrete »

This article doesn't have a solution but it points out a security issue with assert() in PHP 7:
...During a recent investigation, our team stumbled across some malicious code which is used to inject a .user.ini file into a PHP 7 environment and add zend.assertions = 1. Once this injection is accomplished, bad actors can leverage PHP’s assert() function to execute any malicious code they like...
Using assert() to Execute Malware in PHP 7 Environments
Sept 1/20


Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.
Post Reply

Return to “Web Programming”

Who is online

Users browsing this forum: No members and 24 guests