Hello friends, as all of you know, Dutch security experts accidentally found a dangerous PHP-CGI
vulnerability that could allow an attacker to execute commands and
disclose source code.
The researchers found this vulnerability while playing the Nullcon CTF. They
found that giving the query string '?-s' somehow resulted in the "-s"
command-line argument being passed to php, resulting in source code
disclosure. After further analysis, they revealed that the bug has been
around since 2004.
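
A log check for the behaviour described above, as an added example that is not part of the original post: it flags requests whose query string has no unencoded '=' and begins with '-', which is the case where a CGI binary receives the query as command-line arguments. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD /path?query HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def query_becomes_argv(target):
    """Return the words a CGI binary would receive as arguments when the
    first one looks like an option (e.g. "-s"); otherwise return None."""
    if "?" not in target:
        return None
    query = target.split("?", 1)[1]
    # CGI passes the query as command-line words only when it contains
    # no unencoded '=' (an encoded %3D does not count).
    if not query or "=" in query:
        return None
    # Words are separated by '+' and URL-decoded before being passed on.
    words = [unquote(w) for w in query.split("+")]
    # Leading whitespace is stripped so a padded option is still caught.
    return words if words[0].lstrip().startswith("-") else None

def scan(lines):
    """Return (client, request target, argv) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            argv = query_becomes_argv(m.group(1))
            if argv is not None:
                hits.append((line.split()[0], m.group(1), argv))
    return hits

# Constructed sample access-log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?id=-s HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 5120',
    '192.0.2.13 - - [01/Jan/2024:10:00:04 +0000] "GET /search.php?cats+dogs HTTP/1.1" 200 640',
    '192.0.2.14 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for client, target, argv in scan(SAMPLE_LOG):
        print(client, target, argv)
```

The ordinary parameter `id=-s` and the plain search `cats+dogs` are not flagged; only the bare `-s` and its percent-encoded form are.
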
So, the main topic is that PHP has this kind of bug, and we all know that Facebook is made in PHP, so this bug also affects Facebook. The Facebook bug is that whenever you visit this link, http://facebook.com/?-s,
it shows the source code of Facebook. Facebook engineers have also made a mistake in the code: they haven't completed the end tag ?> in PHP.
Here is the screenshot of this page.



