Retour aux Archives des Nouvelles

Security hole in PhP

January 05, 2012  Malware News

Sucuri Security recently released a case study where they discovered a large amount of compromised web sites thanks to the abuse of php.ini files.
This file is modified on one line  (;auto_append_file = "*",“) where in the place of *, the attacker substitutes the required file name, which reads automatically upon arriving on the php server.

Retour aux Archives des Nouvelles