Imperva released its September Hacker Intelligence Initiative report on Monday to provide an in-depth look at recent attacks against PHP applications.
Since the PHP platform is the most popular web application development platform, exploits against PHP applications can affect the general security and health of the entire web.
The report finds that hackers are increasingly capable of packaging higher levels of sophistication into simpler scripts, and web attacks involving PHP SuperGlobal parameters are also becoming more popular.
SuperGlobal parameters incorporate security problems into an advanced web threat that can break application logic, compromise servers, and result in fraudulent transactions and data theft, Imperva said.
Over the course of a month, the Imperva research team witnessed 144 attacks per application within its sample of 24 applications that contained attack vectors related to SuperGlobal parameters.
The attacks appeared in the form of request burst floods of up to 90 hits per minute on a single application, while some attack campaigns spanned over a period of more than five months.
“Because compromised hosts can be used as botnet slaves to attack other servers, exploits against PHP applications can affect the general security and health of the entire Web,” Amichai Shulman, CTO at Imperva said in a statement. “The effects of these attacks can be great as the PHP platform is by far the most popular web application development platform, powering more than 80 percent of all websites, including Facebook and Wikipedia. Clearly, it is time for the security community to devote more attention to this issue.”
The report also found vulnerability in the popular PhpMyAdmin utility, used to manage MySQL databases in PHP environments. Since it is bundled with other applications using MySQL Database, having this vulnerability on the server exposes it to code execution attacks.