PHP Bugs Being Exploited By Attackers To Hijack Vulnerable Websites Remotely

Security researchers have revealed that due to an unpatched vulnerability in the PHP scripting language, attackers are taking control of servers around the world remotely, and which will put several unprotected websites in danger of leaking confidential information.

Darian Anthony Patrick, a Web application security consultant with Criticode, explains the effects of this vulnerability in saying, “The huge issue is the remote code execution and that’s really easy to figure out how to do. If I as an attacker found it existed on a particular site, it would be exciting because I own everything. It’s the kind of vulnerability where it’s probably not super prevalent, but if it’s there, it’s not a minor thing.”

To complicate matters, the complete details of this bug was made public last week, giving attackers the information required to take control of vulnerable websites – even though there are no facts to determine how many sites are actually vulnerable.

According to these experts, even though websites which run CGI-configured PHP on the Apache webserver are the most vulnerable, there are still other factors that determine whether or not a website is truly endangered or not.

While others believe that only a small percentage of website might be vulnerable to these attacks, the best form of defense against these attacks is for administrators to lock down their systems immediately.  This has become their last line of defense ever since the patch to fix this hole can be bypassed easily.

What also adds to the confusion is the possibility that there are websites out there that are old or which haven’t been updated yet, and which might be prone to attack for at least the next two to three years.