Here’s how hackers are exploiting bug in PHP7 to hijack web servers | Tech News

Here’s how hackers are exploiting bug in PHP7 to hijack web servers

With this vulnerability, which has the CVE-ID of 2019-11043, an attacker may drive a distant net server to execute their very own arbitrary code just by accessing a crafted URL.

By: INDO ASIAN NEWS SERVICE
| Updated on: Aug 20 2022, 17:41 IST
Hackers using bug in PHP7 to hijack web servers: Report
Hackers using bug in PHP7 to hijack web servers: Report (Getty Images/iStockphoto)

Russia-based security researcher Emil 'Neex Lerner has disclosed a remote-code execution vulnerability in PHP 7 - the newest iteration of the massively widespread net growth language.

PHP is a server side scripting language that is used to develop static websites, dynamic websites or web applications. It forms the basis of popular content management systems like WordPress, Drupal, as well as Facebook (kinda). Due to this, it is a huge deal whenever someone wants to identify a security vulnerability within it.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

With this vulnerability, which has the CVE-ID of 2019-11043, an attacker may drive a distant net server to execute their very own arbitrary code just by accessing a crafted URL. The attacker only needs to add "?a=" to the website address, followed by their payload, The Next Web (TNW) reported on Sunday.

Also read
Looking for a smartphone? To check mobile finder click here.

As per the report, this attack drastically lowers the barrier to entry for hacking a website which even a non-technical user could abuse.

The vulnerability only impacts servers using the NGINX web server with the PHP-FPM extension and users who are unable to update their PHP install can mitigate the problem by setting a rule within the standard PHP ModSecurity firewall.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 28 Oct, 18:59 IST
Tags:
NEXT ARTICLE BEGINS