In its most recent Hacker Intelligence Initiative report, “PHP SuperGlobals: Supersized Trouble”, Imperva analyses vulnerabilities involving the SuperGlobal parameters of the PHP platform and concludes that a multi-step attack calls for a multi-layered application security solution.
In addition to local and global variables, PHP has a set of predefined variables called SuperGlobals ($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_REQUEST, $_FILES, $_SESSION and $GLOBALS). They are available in every scope of a script, inside and outside functions alike, with no need for an explicit global declaration. SuperGlobals were introduced in PHP 4.1.0.
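To make the scoping point concrete, here is an added PHP example; it is not code from the Imperva report. It shows that an ordinary global variable needs a global declaration inside a function while $_GET does not, and it contrasts a function that consumes the SuperGlobal raw (building a query by string concatenation, a deliberately unsafe pattern) with one that validates it first. The request values it loops over are constructed for the demo, since a command-line run has no real HTTP request.

```php
<?php
// Added example (not from the Imperva report): PHP scoping of ordinary
// globals versus SuperGlobals, and why the difference matters for input
// handling. Run from the CLI: php superglobals_demo.php

$config = ['debug' => false];          // an ordinary global variable

function ordinaryGlobal(): string
{
    // $config is NOT visible here on its own; without the declaration
    // below, reading it raises "Undefined variable".
    global $config;
    return $config['debug'] ? 'debug on' : 'debug off';
}

function readIdUnchecked(): string
{
    // $_GET needs no 'global' declaration: SuperGlobals are reachable from
    // every scope. That also means attacker-controlled request data can be
    // consumed deep inside a call chain with nothing in the function
    // signature to show it. Concatenating it into SQL is the unsafe pattern.
    return "SELECT * FROM items WHERE id = " . ($_GET['id'] ?? '0');
}

function readIdValidated(): ?int
{
    // Treat the SuperGlobal as untrusted input: validate it as a positive
    // integer and refuse anything else. filter_var() returns false for a
    // value that is not an integer or is below min_range.
    $id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $id === false ? null : $id;
}

echo ordinaryGlobal(), PHP_EOL;          // "debug off"

// Constructed sample values standing in for the 'id' query parameter.
$samples = ['42', '1 OR 1=1', '', '-7'];
foreach ($samples as $raw) {
    $_GET = ['id' => $raw];              // simulate the incoming request
    printf("%-12s unchecked: %s\n", var_export($raw, true), readIdUnchecked());
    printf("%-12s validated: %s\n", var_export($raw, true),
        var_export(readIdValidated(), true));
}
```

Only the first sample value ('42') survives validation; '1 OR 1=1', the empty string and '-7' all come back as NULL from readIdValidated(), whereas readIdUnchecked() splices every one of them straight into the query text. In real code the validated value would still be bound as a prepared-statement parameter rather than concatenated; validation narrows the input, it does not replace parameterisation.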
The PHP SuperGlobal parameters are gaining popularity within the hacking community because attacks on them can chain several security problems into a single advanced web threat, one that breaks application logic, compromises servers, and leads to fraudulent transactions and data theft.
In one month, Imperva’s research team observed an average of 144 attacks per application containing attack vectors related to SuperGlobal parameters. Researchers also saw attack campaigns lasting more than five months, with request bursts of up to 90 hits per minute against a single application.
The effects of these attacks can be great as the PHP platform is by far the most popular web application development platform, powering more than 80 percent of all websites, including Facebook and Wikipedia. Clearly, it is time for the security community to devote more attention to this issue.
The report also finds that hackers are increasingly able to pack more sophistication into simpler scripts, and identifies PHP SuperGlobals as a prime target that yields a high return on investment for the attacker.
“Exploits Against PHP Applications Can Affect the General Security and Health of the World Wide Web”.