Tom_Spector_50
May 08, 2012 (Historic F5 Account)
RE: Recent PHP-CGI query string parameter vulnerability
The recently found PHP-CGI query string parameter vulnerability noted in https://bugs.php.net/bug.php?id=61910v was announced on May 2nd and, as of yet, does not have a solution - http://eindbazen.net/2012/05/php-cg...2012-1823/

A signature such as:

    uricontent:"php?-"; nocase;

would flag any instances of using a '-' at the start of a PHP query string. This signature can further be refined to target only the instances where the '-' is used without a '=' in the query, or only in relation to the specific switches (e.g. -s, -d and -c), as well as to account for spaces between '?' and '-', e.g. php?+-c

Alternatively, you can create an iRule that searches for the same string in a URL.
Thanks,
Tom.
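The refinements Tom describes (no '=' in the query, only the -s/-d/-c switches, and a '+' or encoded space between '?' and '-'), written out as a small detector. This is an added example, not code from the post or from F5; the function name, switch list and sample URLs are my own constructed choices.

```python
"""Flag request URLs carrying php-cgi command-line switches in the query string."""
from typing import Optional, List, Tuple
from urllib.parse import urlsplit, unquote_plus

# The switches singled out in the post; extend the tuple to cover others.
SUSPECT_SWITCHES = ("-s", "-d", "-c")


def php_cgi_switch_in_query(url: str) -> Optional[str]:
    """Return the first suspect switch found in the query string, else None."""
    parts = urlsplit(url)
    # Only requests for PHP scripts are in scope for php-cgi.
    if not parts.path.lower().endswith(".php"):
        return None
    raw_query = parts.query
    # Under the CGI spec a query containing an unencoded '=' is a form query,
    # not a search string, so it is never handed to the interpreter as argv.
    # The check is deliberately on the raw (undecoded) query for that reason.
    if not raw_query or "=" in raw_query:
        return None
    # '+' and %20 separate argv words; %2D decodes to '-', so decode before
    # inspecting each word (the plain uricontent "php?-" would miss %2D).
    for word in unquote_plus(raw_query).split():
        if word[:2] in SUSPECT_SWITCHES:
            return word[:2]
    return None


def flag_requests(urls: List[str]) -> List[Tuple[str, str]]:
    """Return (url, switch) pairs for every URL that trips the detector."""
    hits = []
    for url in urls:
        switch = php_cgi_switch_in_query(url)
        if switch is not None:
            hits.append((url, switch))
    return hits


# Constructed sample requests for demonstration, not captured traffic.
SAMPLE_URLS = [
    "http://example.test/index.php?-s",          # bare switch
    "http://example.test/index.php?+-c",         # space before the switch
    "http://example.test/index.php?%2Dd",        # URL-encoded dash
    "http://example.test/index.php?-s=1",        # has '=', a normal form query
    "http://example.test/index.php?page=-s",     # '-' inside a value
    "http://example.test/style.css?-s",          # not a PHP script
]

if __name__ == "__main__":
    for url, switch in flag_requests(SAMPLE_URLS):
        print(f"{switch}\t{url}")
```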