nginx php-fpm hacking exploit

If you’re running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.

The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could be exploited easily as a proof-of-concept (PoC) exploit for the flaw has already been released publicly.

PHP-FPM is an alternative PHP FastCGI implementation that offers advanced and highly-efficient processing for scripts written in PHP programming language.

The main vulnerability is an “env_path_info” underflow memory corruption issue in the PHP-FPM module, and chaining it together with other issues could allow attackers to remotely execute arbitrary code on vulnerable web servers.

The vulnerability was spotted by Andrew Danau, a security researcher at Wallarm while hunting for bugs in a Capture The Flag competition, which was then weaponized by two of his fellow researchers, Omar Ganiev and Emil Lerner, to develop a fully working remote code execution exploit.

Which PHP-based websites are…

http://feedproxy.google.com/~r/TheHackersNews/~3/FsBHt8lHiJo/nginx-php-fpm-hacking.html

Leave a Reply