Our researchers are constantly working on information security issues and in 2019 we published dozens of articles on this topic. Stay with us and let’s make the IT world safer together!
When a security researcher found an unusual PHP script while solving an hCorem Capture the Flag task, it reveal hundreds of millions of users are vulnerable to attack. Learn the deep tech.
Hundreds of millions of people using everyday platforms could be at risk. One of the most popular server-side web programming languages, Hypertext Preprocessor (PHP) was discovered to be at high risk for attacks. Patches for high-severity vulnerabilities have been released. Without a protective system like a smart WAF or a patch in place, those vulnerabilities could open the door for remote attacks that compromise servers through arbitrary code execution.
Today we will explore an exciting method to remotely execute code even if an administrator set disable_functions in the PHP configuration file. It works at most popular UNIX-like systems. CVE-2018–19518 was assigned to the vulnerability was found by a man with the @crlf nickname. Let’s see details of that vulnerability and how can we exploit it. Testing Environment For testing manipulations, we need to up a testing environment. I’ll use docker container with Debian 9…