PHP's Super Puzzle: Hacker Attacks Brought About by SuperGlobals

Imperva, a pioneer and leader in new commercial security solutions, is committed to providing security solutions for key applications and high-value commercial data in the data center, and was the first to launch a new protective layer designed for physical and virtual data centers, as the third pillar of enterprise security. Recently, the company released its September Hacker Intelligence Operation Report, "PHP SuperGlobals: Supersized Trouble" (PHP SuperGlobals: Super Puzzle). The report provides an in-depth analysis of recent attacks against PHP applications, including attacks that involve PHP "SuperGlobal" parameters, and further analyzes the general characteristics of the attack activity and its significance for the overall integrity of the World Wide Web.
Amichai Shulman, chief technology officer of Imperva, said: "Attacked hosts can be used as zombie slaves to attack other servers. Therefore, attacks against PHP applications may affect the security and health of the entire network. These attacks will have very serious consequences, because the PHP platform is the most commonly used network application development platform, providing support for more than 80% of websites, including Facebook and Wikipedia. Obviously, the security community must pay more attention to this issue."
The report also found that hackers are increasingly capable of packaging advanced attack techniques into simple scripts. It further concludes that PHP SuperGlobals offer attackers a high return on investment and have therefore become a main target of hacker attacks.
PHP SuperGlobal parameters are increasingly popular in the hacking community because they allow multiple security issues to be combined into a single advanced web threat that can undermine application logic, compromise servers, and lead to fraudulent transactions and data theft. The Imperva research team observed that each application suffered an average of 144 attacks per month that contained a SuperGlobal parameter attack vector. In addition, researchers found attack activity that lasted for more than five months. During peak request periods, an application suffered as many as 90 attacks per minute.
Highlights and suggestions of this report include:
• If keys are exposed to third-party infrastructure, the "retreat" security mode is required: the report finds weak links in the widely used PhpMyAdmin (PMA) tool, which is used to manage MySQL databases in a PHP environment. Because this tool is often bundled with other applications that use a MySQL database, its weak links can affect the server: even if the administrator does not use the tool, the server is exposed to code execution attacks that can end with the whole server being taken over. To solve this problem, the report recommends the "retreat" security mode.
• It is best to adopt the active security mode: an active security mechanism defines the parameter names allowed for each resource. Only this mode can prevent attackers from exploiting the external-variable manipulation weakness, which lets anyone send an external parameter that has the same name as an internal variable and thereby overwrite the original internal variable's value.
• Increasingly sophisticated hacker technology: Imperva researchers found that attackers can build complex attacks and package them into easy-to-use tools. However, while these PHP attack methods demonstrate powerful capabilities, they also have a weakness: an application security solution that can detect and block a single stage of an attack can render the entire attack useless.
• SuperGlobal parameters in requests should be blocked: there is no legitimate reason for these parameters to appear in a request; therefore, they should be blocked.
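The last two recommendations above (a per-resource list of allowed parameter names, and blocking SuperGlobal names in requests) can be combined in one request filter. The following Python filter is an added example, not code from the Imperva report; the resource paths, the allowlists and the sample requests are constructed assumptions, and the name normalisation is a simplified model of how PHP maps parameter names to variables.

```python
from urllib.parse import parse_qsl

# PHP superglobal array names; none has a legitimate use as a request parameter.
SUPERGLOBALS = {"GLOBALS", "_GET", "_POST", "_COOKIE", "_FILES",
                "_SERVER", "_ENV", "_REQUEST", "_SESSION"}

# Hypothetical per-resource allowlist (active security mode): path -> permitted names.
ALLOWED_PARAMS = {
    "/index.php": {"page", "lang"},
    "/search.php": {"q", "sort"},
}

def base_name(param):
    """Top-level variable name PHP would populate for this parameter (simplified)."""
    name = param.split("[", 1)[0]      # _SESSION[a][b] -> _SESSION
    name = name.lstrip(" ")            # PHP ignores leading spaces in names
    return name.replace(" ", "_").replace(".", "_")  # PHP maps ' ' and '.' to '_'

def check_request(path, query_string):
    """Return (verdict, reason); verdict is 'allow' or 'block'."""
    # parse_qsl percent-decodes, so %5FSESSION is evaluated as _SESSION.
    pairs = parse_qsl(query_string, keep_blank_values=True)
    names = [base_name(key) for key, _ in pairs]
    for name in names:
        if name in SUPERGLOBALS:       # blocked on every resource
            return "block", f"superglobal parameter: {name}"
    allowed = ALLOWED_PARAMS.get(path)
    if allowed is None:                # default deny for unknown resources
        return "block", f"no allowlist for resource: {path}"
    for name in names:
        if name not in allowed:
            return "block", f"unexpected parameter: {name}"
    return "allow", "ok"

# Constructed sample requests (not taken from the report).
SAMPLES = [
    ("/index.php", "page=home&lang=en"),
    ("/index.php", "page=home&_SESSION[x]=1"),
    ("/index.php", "page=home&%5FSESSION%5Bx%5D=1"),
    ("/search.php", "q=php&debug=1"),
]

if __name__ == "__main__":
    for path, qs in SAMPLES:
        print(path, qs, "->", check_request(path, qs))
```

The same two checks apply to POST bodies and cookie names, which PHP maps to variables in the same way.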
...