Security hole in PhP

January 05, 2012 Malware News

Sucuri Security recently released a case study where they discovered a large amount of compromised web sites thanks to the abuse of php.ini files.
This file is modified on one line (;auto_append_file = "*",“) where in the place of *, the attacker substitutes the required file name, which reads automatically upon arriving on the php server.