You can now find Cyber Kendra on Google News | Telegram

Hackers Hacked PHP Git Repository

Hackers have breached the internal Git repository of the PHP programming language and have added a backdoor to the PHP source code in an attack.

Cybercriminals hacked into the official PHP Git repository in order to inject two malicious commits and change the codebase.

The attackers added commits disguised as PHP developers Rasmus Lerdorf and Nikita Popov. The hackers tried to hide their malicious activity and passed off the implemented changes as simple typographical fixes. In fact, they changed the PHP source code to implement a remotely managed backdoor.

The added line 370, where the zend_eval_string function is called, contained the code that actually injected a backdoor to remotely execute code on a website running an infected version of PHP.

“This line executed PHP code from the user's HTTP header if the line began with 'zerodium',” PHP developer Jake Birchall explained to Michael Voříšek, who first pointed out the anomaly.

According to Popov, the first commit was discovered a couple of hours after its implementation during a routine code review. The changes were clearly malicious and were immediately reversed.

Investigation into the incident is ongoing, and experts say the malicious change was a hacked server, not a hacked individual user's Git account. The changes affected the development branches for PHP 8.1, which is scheduled for release later this year.

The developers also decided to move the PHP source code to the repository on GitHub for security reasons

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.