Thought we should have a thread for PHP security issues people come across.
If you see a PHP security issue post it here (with resolution if possible).
PHP Security Alerts
-
- Administrator
- Posts: 1786
- Joined: Fri Nov 08, 2019 12:44 am
- Latest blog post: Have You Read the Webmaster Guidelines Yourself?
- Reputation: 987
- Location: Canada
- Has thanked: 22 times
- Been thanked: 113 times
- Contact:
-
- Administrator
- Posts: 1786
- Joined: Fri Nov 08, 2019 12:44 am
- Latest blog post: Have You Read the Webmaster Guidelines Yourself?
- Reputation: 987
- Location: Canada
- Has thanked: 22 times
- Been thanked: 113 times
- Contact:
Re: PHP Security Alerts
This article doesn't have a solution but it points out a security issue with assert() in PHP 7:
Sept 1/20
Using assert() to Execute Malware in PHP 7 Environments...During a recent investigation, our team stumbled across some malicious code which is used to inject a .user.ini file into a PHP 7 environment and add zend.assertions = 1. Once this injection is accomplished, bad actors can leverage PHP’s assert() function to execute any malicious code they like...
Sept 1/20
Who is online
Users browsing this forum: No members and 21 guests