PHP Exploit for CGI instalations

As described in this article, PHP has a bug for CGI installations where a simple query string parameter might be enough to get full access to the server.

No server right now should be using CGI as installation, but if you are unsure if your server has a CGI installation is pretty simple to verify. Simply create a info.php page where it contents will be:


and load it from the server. If on the Apache section of the PHP Info shows mod_cgi, you should be looking for a better installation or some good security and contingency plan until the path for this bug is released.

As a rule of thumb no server should be using CGI as installation. From all PHP installations formats, CGI is by far the worst on performance.


About mcloide

Making things simpler, just check: View all posts by mcloide

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: