
PHP User Database Leaked in Backdoor Attack


Crime Committed By: An old PHP version that got the user database leaked

There has been an update on the PHP source code compromise. As we all know, the PHP code repository was compromised last month. The malicious commit was made in the name of the creator of PHP, Rasmus Lerdorf, and then recommitted under Nikita Popov’s name. The team suspected that someone had broken into the server.

Then came a new post by Popov, saying: “We no longer believe the server has been compromised. However, it is possible that the user database leaked.”

The server that was broken into uses gitolite, which enables git hosting. Popov detected that “these two commits bypassed the gitolite infrastructure entirely,” which led him to suspect a server break-in. The team decided to promote the PHP repository on GitHub to be the primary one, because it would take time to investigate the weakness and set up a new server. The finding is that the user database was leaked.

This theory is undermined by the fact that the logs show usernames being guessed. Once the correct username was found, authentication succeeded immediately. It was found that this user database was part of “very old code on a very old operating system/PHP version,” said Popov, who added that a vulnerability or weaknesses “would not be terribly surprising.”

The actions being taken include resetting all passwords. Password hashing has also been upgraded to use bcrypt, which is not compatible with Apache’s HTTP Digest authentication. Other actions include amending the code to use parameterised queries, to protect against SQL injection attacks.
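The two code-level fixes described above, bcrypt password hashing and parameterised queries, shown as an added PHP example that is not taken from the php.net code base. The table schema, function names, cost setting and sample account are assumptions made for illustration, and it assumes the `pdo_sqlite` extension is available.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table; schema, names and the sample account are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Valid bcrypt hash of a throwaway value, checked when a username does not exist.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_BCRYPT, ['cost' => 12]));

function create_user(PDO $db, string $user, string $password): void
{
    // bcrypt is salted and slow; salt and cost travel inside the hash string.
    // HTTP Digest needs the server to hold MD5(username:realm:password) or the
    // plaintext to check a response, and a bcrypt hash cannot yield either one.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $user, ':h' => $hash]);
}

function verify_login(PDO $db, string $user, string $password): bool
{
    // Parameterised query: $user is bound as data and is never parsed as SQL.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        // Unknown user: spend the same bcrypt work so response time does not
        // tell a client guessing usernames which ones exist.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    return password_verify($password, $hash);
}

create_user($db, 'alice', 'constructed-sample-passphrase');

// Constructed inputs: the right password, a wrong one, an unknown user, and a
// username carrying SQL metacharacters, which is only compared as a string.
$attempts = [
    ['alice', 'constructed-sample-passphrase'],
    ['alice', 'wrong-password'],
    ['bob', 'anything'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$user, $password]) {
    printf("%-20s %s\n", $user, verify_login($db, $user, $password) ? 'accepted' : 'rejected');
}
```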

No explanation of what went wrong there will be enough. What we can all take from this is that, whatever security we have and however much of it we put around our repository, there is no guarantee that it is safe or that it will keep our user databases safe.


About author
Dipsikha Bhattacharya is a first-year psychology student at the Indian Institute of Psychology and Research who works here as a content writer, also owns an Instagram page for writings, and aspires to be a writer and a psychologist.