Friday, April 28, 2017

Old PHP Vulnerability Utilized in new Server Attacks

Server admins do not always update servers with the latest patches, especially when older versions of software come pre-installed on servers. Many admins don’t realize that their Web servers are exploitable via freely available exploits.

Imperva issued a threat advisory on Wednesday for a code injection vulnerability in PHP (CVE-2012-1823).

“Zero-day vulnerabilities become zero-effort,” Shteiman of Imperva stated, noting that attackers can use publicly available exploits to craft new attacks.

Although this particular PHP flaw was discovered in March 2012 and fixed in May, a public exploit campaign started in October 2013, Imperva said in its advisory. The fact that the exploit became freely available more than a year later suggests criminals were still using it with some degree of success against this vulnerability, Shteiman said.

There is a time gap between when the patch is released and when administrators and organizations become aware that both the problem and a fix exist. Cyber-criminals know that servers running PHP are often not updated even though newer versions are available.

“This creates a window of opportunity for hackers to act on, as they know that the window will be open for a long time,” Imperva stated.

“Hacking is no longer about showing off, but more about financial gain with the least amount of effort,” Shteiman added.

Currently, 82 percent of websites are developed in PHP, according to Imperva’s data. The bug exists in PHP versions older than 5.4.2 or 5.3.12, and version 5.3 runs on almost 42 percent of all sites.
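To find servers still inside that window, an administrator can check version banners against the fixed releases named above. The script below is an added example, not code from Imperva or from this article; the host names and banners are constructed, and reading the thresholds per branch (5.4.x against 5.4.2, 5.3.x and earlier against 5.3.12) is an assumption.

```python
import re

# Fixed releases as stated in the article: the bug exists in PHP versions
# older than 5.4.2 (5.4 branch) or 5.3.12 (5.3 branch and earlier).
FIXED_54 = (5, 4, 2)
FIXED_53 = (5, 3, 12)

_VERSION_RE = re.compile(r"PHP[/ ](\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_php_version(banner):
    """Extract (major, minor, patch) from `php -v` output or an X-Powered-By header."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """Apply the article's thresholds branch by branch."""
    if version >= (5, 5, 0):
        return False
    if version >= (5, 4, 0):
        return version < FIXED_54
    return version < FIXED_53


def audit(inventory):
    """Map each host to 'affected', 'patched' or 'unknown'."""
    report = {}
    for host, banner in inventory.items():
        version = parse_php_version(banner)
        if version is None:
            report[host] = "unknown"  # no PHP banner: needs a manual check
        else:
            report[host] = "affected" if is_affected(version) else "patched"
    return report


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "web01.example.internal": "PHP 5.3.10 (cli) (built: Jan 1 2013)",
    "web02.example.internal": "X-Powered-By: PHP/5.4.1",
    "web03.example.internal": "X-Powered-By: PHP/5.3.12",
    "web04.example.internal": "PHP 5.4.2 (cgi-fcgi)",
    "web05.example.internal": "Server: nginx",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Distribution packages often backport security fixes without changing the upstream version number, so treat an "affected" result as a prompt to check the package changelog rather than as proof of exposure.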

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.