Security Advisories

Trustwave Press Releases

« [Honeypot Alert] (UPDATE) Active Exploit Attempts for PHP-CGI Vuln | Main | TWSL2012-004: Multiple Vulnerabilities in Zen Cart »

07 May 2012


The biggest problem of these rants is that they come from people stuck in the old days of PHP. They either don't care or they don't want to admit that PHP actually evolves at a very fast pace, both at the language level but also at the community level. In fact, it evolves much faster than any other language or web platform. It has not always been the case, but the last 5 years have been an amazing journey for PHP.

nice info..

All is good now.. odd but all good.

Sure like to reproduce this, but I must be missing something. Got PHP going as a CGI and I still reproduce this.
Would like to know what I'm missing...
Nice post tho :)

"Additionally, major sites like, and many others were vulnerable up until early Friday morning."

I work on security at Facebook, and AFAIK we were never vulnerable at all. We're a bit past PHP-CGI at our current scale. If you're thinking of, I'd suggest you look a little closer :-).

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment