
PHP code hacked to plant backdoors in software

Mystery hackers breached the official PHP Git repository and pushed two malicious commits upstream into the programming language, signing them off as if they had been made by known PHP developers and maintainers Rasmus Lerdorf and Nikita Popov, before the supply chain attack was spotted by a sharp-eyed engineer.

The commits were spotted by Michael Voříšek, a Czech software engineer, and flagged as malicious by UK-based developer Jake Birchall. One of the two malicious commits was named "fix typo".

The new line of code would have executed PHP code from within the User-Agent HTTP header if the string started with 'zerodium', the name of an exploit broker. The code would have let the hacker execute malicious PHP commands on victim servers.

Zerodium founder Chaouki Bekrar tweeted early Monday: "Cheers to the troll who put "Zerodium" in today's PHP git compromised commits. Obviously, we have nothing to do with this. Likely, the researcher(s) who found this bug/exploit tried to sell it to many entities but none wanted to buy this crap, so they burned it for fun."

The impact could have been huge: as of March 2021 PHP is used by over three quarters (79.1%) of all websites. Since its creation in 1994 the open source scripting language has been the primary language choice for content management systems like WordPress and Drupal, and PHP is the best known and most commonly used language for server-side scripting.

It was not immediately clear how the attackers could sign off the commits under trusted names. "Everything points towards a compromise of the server (rather than a compromise of an individual git account)," said Popov. "While an investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the server." He added: "Instead, the repositories on GitHub, which were previously only mirrors, will become canonical." The PHP community is reviewing the repositories "for any corruption beyond the two referenced commits".
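As an added example (not code from the article or from the PHP project), the following Python scanner applies the trigger described above, a User-Agent header beginning with 'zerodium', to web server access logs in the common "combined" format, so an operator can check whether such requests ever reached a host. The log lines, addresses and timestamps are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Combined log format as written by Apache/nginx. The quoted fields accept
# backslash-escaped characters so a stray quote in a header does not break parsing.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>(?:[^"\\]|\\.)*)" '
    r'"(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# Trigger string from the article: the backdoor fired when the User-Agent
# started with this word (compared case-insensitively here to be safe).
TRIGGER = "zerodium"

# Constructed sample lines; the second one carries a harmless marker, not a payload.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Mar/2021:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [29/Mar/2021:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "ZeroDium CONSTRUCTED-TEST-MARKER"
this line is malformed and must be skipped, not crash the scanner
203.0.113.9 - - [29/Mar/2021:10:01:09 +0000] "GET /about.php HTTP/1.1" 200 128 "-" "curl/7.68.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def is_suspicious_ua(user_agent: str) -> bool:
    """True when the User-Agent matches the article's trigger condition.
    A substring check instead of startswith() would widen the hunt at the cost of noise."""
    return user_agent.lower().startswith(TRIGGER)


def scan_log(text: str) -> List[Dict[str, str]]:
    """Return the parsed fields of every request whose User-Agent matches the trigger."""
    hits = []
    for line in text.splitlines():
        fields = parse_line(line)
        if fields and is_suspicious_ua(fields["ua"]):
            hits.append(fields)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['req']!r} UA={hit['ua']!r}")
```

Run it against a real access log with `scan_log(open(path).read())`; a hit only means the trigger string was seen, so confirm separately whether the host ever ran a build that contained the backdoored commit.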
