Thought we should have a thread for PHP security issues people come across.
If you see a PHP security issue post it here (with resolution if possible).
PHP Security Alerts
Forum rules
Please make yourself familiar with our rules and guidelines before posting.
Please make yourself familiar with our rules and guidelines before posting.
-
Accrete
- Administrator
- Posts: 1786
- Joined: Fri Nov 08, 2019 12:44 am
- Latest blog post: Have You Read the Webmaster Guidelines Yourself?
- Reputation: 987
- Location: Canada
- Has thanked: 22 times
- Been thanked: 113 times
- Contact:
-
Accrete
- Administrator
- Posts: 1786
- Joined: Fri Nov 08, 2019 12:44 am
- Latest blog post: Have You Read the Webmaster Guidelines Yourself?
- Reputation: 987
- Location: Canada
- Has thanked: 22 times
- Been thanked: 113 times
- Contact:
Re: PHP Security Alerts
This article doesn't have a solution but it points out a security issue with assert() in PHP 7:
Sept 1/20
Using assert() to Execute Malware in PHP 7 Environments...During a recent investigation, our team stumbled across some malicious code which is used to inject a .user.ini file into a PHP 7 environment and add zend.assertions = 1. Once this injection is accomplished, bad actors can leverage PHP’s assert() function to execute any malicious code they like...
Sept 1/20
Who is online
Users browsing this forum: No members and 4 guests