Home > Article > Backend Development > PHP’s Super Dilemma: Hackers brought by SuperGlobal_PHP Tutorial
PHP’s Super Dilemma: Hackers brought by SuperGlobal_PHP Tutorial
- WBOYOriginal
- 2016-07-13 10:36:19928browse
Imperva is a pioneer and leader in new commercial security solutions. It is committed to providing security solutions for critical applications and high-value business data in data centers. It is the first to launch a new protection layer designed specifically for physical and virtual data centers. As the third pillar of enterprise security. Recently, the company released a September hacker intelligence action report - "PHP SuperGlobals: Supersized Trouble" (PHPSuperGlobals: Supersized Trouble), which conducted an in-depth analysis of recent attacks against PHP applications, including attacks involving PHP "SuperGlobal" parameters. , and further analyzed the general characteristics of attack activities and the significance of the overall integrity of the World Wide Web.
Amichai Shulman, chief technology officer at Imperva, said: "An compromised host can be used as a zombie slave to attack other servers, so attacks against PHP applications may affect the security and health of the entire network. These attacks will have very serious consequences. Consequences, since the PHP platform is the most commonly used web application development platform, powering more than 80% of websites, including Facebook and Wikipedia, it is clear that the security community must pay more attention to this issue now. ”
The report also found that hackers are increasingly able to combine advanced attack techniques with simple scripts. At the same time, the report believes that PHP SuperGlobals can bring high return on investment for attacks, so it has become the main target of hacker attacks.
PHP SuperGlobal parameters are increasingly popular in the hacker community because they can combine multiple security issues into the same advanced network threat, thereby disrupting application logic, compromising servers, causing fraudulent transactions and data theft. The Imperva research team noticed that over the course of a month, each application suffered an average of 144 attacks containing the SuperGlobal parameter attack path. In addition, researchers also found that attack activities can last for more than five months, and during peak request periods, each application will suffer up to 90 attacks per minute.
Highlights and recommendations from the report include:
• If keys are exposed to third-party infrastructure, a "fallback" security model is required: The report found a vulnerability in the widely used PhpMyAdmin (PMA) tool, which is used to manage MySQL databases in a PHP environment. Because the tool is often bundled with other applications that use MySQL databases, a weakness in it can expose a server to a code execution attack that could lead to an entire server takeover, even if the administrator is not using the tool. To solve this problem, it is recommended to adopt the "retreat" security mode.
•It is best to use the active security mode: The active security mechanism specifies the parameter names that can be used for each resource. Only this mode can prevent attackers from using external variables to manipulate weak links. This attack allows everyone to use the same internal variables. Name is sent as an external parameter, thus overwriting the original internal variable value.
•Hackers are becoming increasingly sophisticated: Imperva researchers have found that attackers are able to launch complex attacks and integrate them into simple and easy-to-use tools. However, while showing powerful attack capabilities, the PHP attack method also has flaws. An application security solution that detects and neutralizes one stage of an attack can render the entire attack useless.
• SuperGlobal parameters in requests should be blocked: These parameters have no reason to appear in requests; therefore they should be prohibited.