PHP super vulnerability exposed: 360 urgently releases a solution

Source: Internet
Author: User

On June 23, May 4, the 360 website security detection platform issued an orange security alert saying that the recently exposed PHPCGI vulnerability is already being exploited by hackers and seriously threatens website servers that run PHP in CGI mode. According to 360's detection, the vast majority of web hosting providers in China have this vulnerability. By finding any PHP file, attackers can exploit the vulnerability to remotely execute malicious code and thus take over the entire server. Currently, only 360 Website Treasure (http://wzb.360.cn) in China can provide a defense solution for websites affected by the vulnerability.

The PHPCGI vulnerability was first published recently by a foreign security researcher, but it has actually existed for about eight years. According to 360 website security engineers, the cause is as follows: when a user submits HTTP request parameters to the Apache server, the mod_cgi module hands those parameters to the backend php-cgi, but some characters, such as spaces, equal signs (=), and minus signs (-), are not processed along the way. Using these characters, attackers can submit malicious data to the backend php-cgi parser, and php-cgi directly executes this "data" as PHP parameters. The attacks intercepted so far mainly use the following PHP parameters:

Include a local file and read its content:

Read the PHP source code:

Directly execute any command:

Execute a webshell directly on the server through remote inclusion:

According to the analysis of the 360 website security detection platform, the harm caused by the PHPCGI vulnerability is not limited to remote code execution. Attackers can also define PHP execution parameters themselves: when "-n" is used, a series of security settings in php.ini are bypassed. At present, the security of most virtual hosts still relies on PHP's own security settings, and under this kind of attack those settings exist in name only.
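A log check for the request pattern described above, as an added example that is not part of the original article or any 360 tooling. It assumes Apache combined-format access logs and relies on the CGI convention that a query string with no unencoded "=" is handed to the program as command-line arguments; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')


def is_switch_style_query(target: str) -> bool:
    """True when the query string would reach php-cgi looking like a switch."""
    _path, sep, query = target.partition("?")
    if not sep or not query:
        return False
    # A literal "=" marks ordinary form data; CGI does not turn it into arguments.
    if "=" in query:
        return False
    # Decode first so percent-encoded forms of "-" are judged the same way.
    decoded = unquote(query.replace("+", " "))
    return decoded.startswith("-")


def scan(lines):
    """Return (line number, client IP, request target) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_switch_style_query(match.group("target")):
            hits.append((number, line.split()[0], match.group("target")))
    return hits


# Constructed sample entries (documentation IP ranges), not taken from the article.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2000:00:00:01 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2000:00:00:02 +0000] "GET /index.php?-n HTTP/1.1" 200 128',
    '203.0.113.9 - - [01/Jan/2000:00:00:03 +0000] "GET /news.php?%2Dn HTTP/1.1" 200 128',
    '198.51.100.7 - - [01/Jan/2000:00:00:04 +0000] "GET /list.php?page=-1 HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2000:00:00:05 +0000] "GET /tag.php?sort-desc HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for number, ip, target in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} requested {target}")
```

Any hit is worth reviewing together with the server's PHP handler configuration, since the pattern only matters where PHP runs in CGI mode.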

As of press time, the 360 website security detection platform had added the PHPCGI vulnerability to its scanning rules, was running an emergency special scan for registered website users, and was promptly sending alerts to the administrators of affected websites. In addition, affected websites can use the 360 website service for free, which can effectively defend against malicious attacks on websites.
