PHP CGI Query String Parameter Processing Remote Code Execution

 

This vulnerability in PHP 5.3.12 and 5.4x before 5.4.2 when configured as a CGI script (php-cgi), a query which lacks and = sign will not be properly handled. So a remote attack may be possible.

And the problem will be that one will not know it is on the web server, unless one check for odd ports being open on the server.

Since after the PHP “bad code” it will cause more code to be opened and downloaded on the now infected machine.

http://www.qualys.com/research/sans-at-risk/2014/week-2/

Small orgs still have to do the right thing

The problem with looking at this sophisticated target and Michaels attacks can make you think:

That only happens to the big companies – my business does not provide a large target, so I don’t have to worry.

 

That is unfortunately not true.  Small organizations need to do the right thing and secure their resources as much as possible, since thety will get different attackers, different attacks. And undefended you will get hammered as the smaller attacks pile up.