RealWorld CTF Exercise: PHP zero-day vulnerability discovered that allows remote code execution

Capture the Flag (CTF) tasks are some of the "tests" that professionals in the field of security use to improve, demonstrate and acquire skills.

In CTF competitions, security experts try to find vulnerabilities and to create exploits, toolkits and various other things.

While working on CTF tasks, many experts discover security issues that not even the creators of the task had thought of. Such issues are zero-day vulnerabilities.

A PHP zero-day vulnerability was found by accident

During the RealWorld CTF, held in September, the security researcher Andrew Danau accidentally discovered unusual behavior in a PHP script.

When Andrew Danau sent %0a (newline) bytes in the URL, the server response was not normal. It returned more data than it should have. In addition, the amount of data was related to the number of bytes after %0a within the URL. This behavior is usually associated with memory corruption attacks. It could also be related to attacks that allow leakage of sensitive personal or financial data. Finally, it could be a vulnerability that allows remote execution of malicious code.

Andrew's colleagues, Emil and Omar, decided to take a closer look at the issue. They were able to understand the reason for this unusual behavior and managed to create a related exploit that allows code to be executed remotely. The issue turned out to be a PHP zero-day vulnerability.

Tackling the PHP issue

Andrew's discovery is very important, mainly because the creator of the task himself had not thought of it. Various security solutions have already been used to address the issue, and the Wallarm Cloud Native WAF platform has been found to detect the problem automatically.

The solutions offered by Wallarm seem to be quite effective in limiting the security issue.
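
The behavior described above (encoded newline bytes in the URL, answered with more data than normal) can also be looked for in web server access logs. The following is an added example, not code from the original article or from Wallarm; the combined log format, the sample lines, the script paths and the 2x size threshold are all assumptions.

```python
import re
from collections import defaultdict
from statistics import median
from urllib.parse import urlsplit

# Constructed sample in combined log format; paths and addresses are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 530 "-" "Mozilla/5.0"
198.51.100.8 - - [01/Jan/2024:10:00:03 +0000] "GET /search.php?q=ctf HTTP/1.1" 200 690 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php%0Axxxx HTTP/1.1" 200 2048 "-" "curl/7.64"
203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /index.php%0axxxxxxxx HTTP/1.1" 200 4096 "-" "curl/7.64"
198.51.100.8 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?q=line1%0Aline2 HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} (\d+|-)')
NEWLINE_RE = re.compile(r"%0a", re.IGNORECASE)  # URL-encoded newline byte

def find_newline_requests(log_text, factor=2.0):
    """List requests whose URL holds %0a, with the response size compared
    to the median size of ordinary requests for the same script."""
    normal, suspects = defaultdict(list), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target = m.group(1), m.group(2)
        size = 0 if m.group(3) == "-" else int(m.group(3))
        hit = NEWLINE_RE.search(target)
        if hit:
            script = urlsplit(target[:hit.start()]).path
            suspects.append((client, script, len(target) - hit.end(), size))
        else:
            normal[urlsplit(target).path].append(size)
    findings = []
    for client, script, trailing, size in suspects:
        base = median(normal[script]) if script in normal else None
        findings.append({
            "client": client, "script": script, "bytes_after_newline": trailing,
            "size": size, "baseline": base,
            "oversized": base is not None and size > factor * base})
    return findings

if __name__ == "__main__":
    for finding in find_newline_requests(SAMPLE_LOG):
        print(finding)
```

Requests marked oversized are the ones worth reviewing first; a newline inside an ordinary search query is listed but not marked, because its response size matches the baseline.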

This is not the first time a breakthrough has been made. Andrew Danau and his colleagues not only discovered the security issue, but also figured out how malicious hackers could exploit it. Discovering this PHP zero-day vulnerability is important for enhancing the protection and security of many web applications.

Absent Mia