While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the server. PHP Development Take Extra Security StepsĪs a result of the breach, the PHP development team will change how it manages access to its Git server, making its GitHub repositories the de facto code base for the project, rather than just a mirror as it is currently. The inclusion of the name lends credence to the idea that the hackers were calling attention to the PHP development team rather than actively exploiting the vulnerability. Zerodium is the name of a well-known exploit broker service, where hackers can sell exploits to the highest bidder. To trigger the malicious code, an attack would have to send a request to a specific string named zerodium. However, while the breach and exposure of the vulnerability are bad, it is apparent that the hacker or hackers didn't ever intend for the exploit to go live.
Php code hacked to backdoors to how to#
Related: How to Manipulate Text in PHP With These Handy Functions It would grant significant access to a threat actor and present significant danger to the millions of websites that use the programming language. The backdoor, which hasn't made its way into production (meaning it hasn't been pushed live to any servers), would have allowed an attacker to execute code on any vulnerable PHP server. The statement confirms that the PHP source code was indeed breached, with the malicious code being pushed to the PHP Git server from the accounts of lead developers Rasmus Lerdorf and Nikita Popov. The PHP development team released an official statement confirming the source code breach on Sunday, March 28. Hackers Insert Backdoor Into PHP Source Code
0 kommentar(er)
