Search This Blog

Honeypot Alert: Hackers attempts to exploit PHP-CGI vulnerability

Few days back, Dutch Security experts released information about a vulnerability in PHP-CGI code that allows a remote attacker to pass command line arguments in a query_string that will be passed directly to the PHP-CGI program.

Today, Security researchers from Trustwave, have noticed that their web honeypots has caught a number of attempts to exploit the PHP-CGI vulnerability.

"Notice that while some of these are simply probes to see if the application might be vulnerable, there are also two RFI attempts to execute remote PHP code." Researcher said.

They also provide some mitigation for this vulnerability. You can find the details here.


Share it:

Vulnerability

Web Application Vulnerability