A vulnerability in PHP’s
phpinfo() function allows PHP scripts to read arbitrary strings from memory.
This is a somewhat older article by Stefan Esser, which I didn’t want to keep from you. During the development of a new Suhosin version, he and his team found a phpinfo() type confusion vulnerability.
The information leak even allows a PHP script to steal the private SSL key.
In the last weeks we have spent some time looking into the PHP source code again, because we were working on new versions of Suhosin, our security extension for PHP. During this time we have discovered some security problems in PHP and disclosed them to the PHP security team, after our initial analysis was finished and POC exploits were developed.
Unfortunately the PHP security team did not acknowledge the vulnerabilities or attempt to discuss them, but instead just applied the patches we supplied and released updated versions of PHP 5.4 and PHP 5.5. Unfortunately a security update for PHP 5.3 is not available, although it is the version most affected by the phpinfo() information leak described here. However we already discussed the problem that PHP 5.3 has not received any security updates since December 2013 and how SektionEins can help you with that in another place.
In this post we will detail the phpinfo() type confusion vulnerability that we disclosed to PHP.net and show how it allows a PHP script to steal the private SSL key. We demonstrate this on an Ubuntu 12.04 LTS 32 bit default installation of PHP and mod_ssl.
If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.
A plea for WordPress plugin developers to stop supporting legacy PHP versions
Fatal error: Uncaught Error:  operator not supported for strings – PHP 7.1
Set WP_MEMORY_LIMIT value correctly in wp-config.php
Remove Jetpack email sharing service
Check WordPress Core files integrity
Joomla! (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit