The Hacker News Logo
Subscribe to Newsletter

Un-Patched PHP-CGI remote code execution vulnerability can expose Source Codes

Un-Patched PHP-CGI remote code execution bug can expose Source Codes

A serious remote code execution vulnerability in PHP-CGI disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday, But the vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec.

According to advisory (CVE-2012-1823) , PHP-CGI installations are vulnerable to remote code execution. You can pass command-line arguments like the “-s” switch “show source” to PHP via the query string. For example, You could see the source via “http://localhost/test.php?-s” . A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.

The team that found the bug, known as Eindbazen. They said that it had been waiting for several months for the PHP Group to release a patch for the vulnerability in order to publish information about the bug.

What this vulnerability can do ? It can help attacker to find out database passwords, file locations etc and  Execute any file on the server’s local disk. Most important , using some trick if you have the possibility to upload a file to the server, execute any code.

So, When PHP is used in a CGI-based setup the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.