Tip: Microsoft says Web shell usage by hackers is on the riseĬisco presents Networking Cloud: what is it and what’s in it for you? Therefore, the version of the code that is on GitHub will now be the main version of the code. Nevertheless, PHP’s developers have decided that maintaining their own git infrastructure is too dangerous. The code did not end up in a production version of the PHP source code, so no website is running compromised code. Not much later, the code was added again with a second commit. The next day an attentive developer noticed it, and the code was reverted. The first rogue commit was made last Saturday under the guise of a typo. Likely, the researcher(s) who found this bug/exploit tried to sell it to many entities but none wanted to buy this crap, so they burned it for fun □- Chaouki Bekrar MaVulnerability removed before rollout Obviously, we have nothing to do with this. The CEO of Zerodium suspects that it is a troll.Ĭheers to the troll who put "Zerodium" in today's PHP git compromised commits. It is not clear why the hackers referred to the company. That company has already emphasised that it has nothing to do with the hack. Zerodium is a company that sells exploits to governments for research purposes. If the user agent HTTP header, the information a website receives about a connecting computer, begins with the word ‘zerodium’, the code is activated. The code added by the hackers allowed attackers to run their own code on any website that used the compromised PHP code. The incident is still under investigation. According to them, the issue is a compromised server and not hacked Git accounts. In a message on their website, the PHP developers say that two malicious commits were performed on the php-src-repo under the names of Rasmus Lerdorf and Nikita Popov. This allows them to gain access to websites that make use of the code. This has allowed them to add their own code to PHP’s source code. Hackers have managed to hack PHP’s Git server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |