PHP Security Alerts

Web programming qustions, like PHP, ASP, ASP .NET, Perl etc. belong in this section.
Forum rules
Please make yourself familiar with our rules and guidelines before posting.
Post Reply
Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:
Contact Accrete

PHP Security Alerts

Post by Accrete »

Thought we should have a thread for PHP security issues people come across.

If you see a PHP security issue post it here (with resolution if possible).
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.
Top
Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:
Contact Accrete

Re: PHP Security Alerts

Post by Accrete »

This article doesn't have a solution but it points out a security issue with assert() in PHP 7:
...During a recent investigation, our team stumbled across some malicious code which is used to inject a .user.ini file into a PHP 7 environment and add zend.assertions = 1. Once this injection is accomplished, bad actors can leverage PHP’s assert() function to execute any malicious code they like...
Using assert() to Execute Malware in PHP 7 Environments
Sept 1/20
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.
Top
Post Reply

Return to “Web Programming”

Who is online

Users browsing this forum: No registered users and 3 guests