Digit Oktavianto Web Log

Catatan Sampah si Digit

PHP-CGI Exploitation Advisory and Mitigation

| Comments

Last week, a PHP-CGI vulnerability wasmdisclosed. The first person / group that reported this vulnerability is De Eindbazen. Famous Group in CTF World (Haha..). They found this vulnerability while playing Nullcon CTF. The details about this vulnerability :

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

This is the example payload taken by Ryan Barnett in his honeypot machine :

http://blog.spiderlabs.com/2012/05/honeypot-alert-active-exploit-attempts-for-php-cgi-vuln.html

You also can read the Proof of COncept from Spiderlabs here :

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

This page tell you about mitigation for this vulnerability :

http://www.php-security.net/archives/11-Mitigation-for-CVE-2012-1823-CVE-2012-2311.html

De Eindbazen also write some codes for the mitigation, you can download it here :

http://eindbazen.net/wp-content/uploads/2012/05/CVE-2012-1823-mitigation.tar.gz


Happy Hacking

Comments