PHP Security Alerts

Web programming qustions, like PHP, ASP, ASP .NET, Perl etc. belong in this section.
Forum rules
Please make yourself familiar with our rules and guidelines before posting.
Post Reply
Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Latest blog post: Have You Read the Webmaster Guidelines Yourself?
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

PHP Security Alerts

Post by Accrete »

Thought we should have a thread for PHP security issues people come across.

If you see a PHP security issue post it here (with resolution if possible).
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Latest blog post: Have You Read the Webmaster Guidelines Yourself?
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

Re: PHP Security Alerts

Post by Accrete »

This article doesn't have a solution but it points out a security issue with assert() in PHP 7:
...During a recent investigation, our team stumbled across some malicious code which is used to inject a .user.ini file into a PHP 7 environment and add zend.assertions = 1. Once this injection is accomplished, bad actors can leverage PHP’s assert() function to execute any malicious code they like...
Using assert() to Execute Malware in PHP 7 Environments
Sept 1/20
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Post Reply

Return to “Web Programming”

Who is online

Users browsing this forum: No members and 14 guests