Hackers backdoor PHP source code after breaching internal git server

by
Dan Goodin
from Ars Technica - All content on (#5FY1S)
backdoor-800x450.jpeg

Enlarge (credit: BeeBright / Getty Images / iStockphoto)

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said.

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice. The malicious commits here and here gave the code the code-injection capability to visitors who had the word zerodium" in an HTTP header.

PHP.net hacked, code backdoored

The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov. We don't yet know how exactly this happened, but everything points toward a compromise of the git.php.net server (rather than a compromise of an individual git account)," Popov wrote in a notice published on Sunday night.

Read 12 remaining paragraphs | Comments

index?i=yIFr4nBmhgQ:SOHL54Na2ww:V_sGLiPB index?i=yIFr4nBmhgQ:SOHL54Na2ww:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments