Tuesday, May 8, 2012

FACEBOOK'S BUG AND PHP VULNERABILITY



Hello friends. As all of you know, Dutch security experts accidentally found a dangerous PHP-CGI vulnerability that could allow an attacker to execute commands and disclose source code.
Researchers found this vulnerability while playing the Nullcon CTF. They found that giving the query string ‘?-s’ somehow resulted in the “-s” command-line argument being passed to php, resulting in source code disclosure. After further analysis, they revealed that the bug has been around since 2004.
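To check whether a server has received requests of this shape, the following added example (not code from the researchers or from PHP) scans access-log lines for query strings that a CGI wrapper would turn into command-line switches. It assumes combined-format logs and the CGI convention in RFC 3875 section 4.4; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def query_becomes_argv(target):
    """Return the switch-like tokens a CGI wrapper would hand to the binary.

    Under the CGI convention (RFC 3875, section 4.4) a query string with no
    unencoded '=' is split on '+' and passed as command-line arguments.
    An empty list means the request is not of interest.
    """
    _, sep, query = target.partition("?")
    if not sep or not query or "=" in query:
        return []
    tokens = [unquote(t) for t in query.split("+")]
    # Only report when the first token looks like an option switch.
    if not tokens[0].lstrip().startswith("-"):
        return []
    return tokens


def scan(lines):
    """Yield (line_number, client_ip, tokens) for suspicious requests."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        tokens = query_becomes_argv(m.group("target"))
        if tokens:
            yield n, line.split(" ", 1)[0], tokens


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/May/2012:10:01:02 +0000] "GET /index.php?-s HTTP/1.1" 200 5120 "-" "curl/7.21"',
    '192.0.2.11 - - [08/May/2012:10:01:05 +0000] "GET /index.php?id=-5 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [08/May/2012:10:01:09 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 5120 "-" "curl/7.21"',
    '192.0.2.13 - - [08/May/2012:10:01:11 +0000] "GET /search.php?hello+world HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, ip, tokens in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent argv-style query {tokens}")
```

Ordinary parameters such as `id=-5` are ignored because they contain an unencoded `=`, and the query is percent-decoded before the check so an encoded dash is still reported.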

So the main point is that PHP has this kind of bug, and we all know that Facebook is made in PHP, so this bug also affects Facebook. The Facebook bug is that whenever you visit the link http://facebook.com/?-s it shows the source code of Facebook. The Facebook engineers have also made a mistake in the code: they haven't completed the end tag ?> in PHP.

Here is the screenshot of this page:

[Screenshot of the page at http://facebook.com/?-s]
