Code Injection in Signed PHP Archives (Phar)


PHP contains an interesting but rarely used feature called Phar (PHp ARchive) that allows developers to package an entire application as a single executable file. It also offers an additional security benefit: archives can be signed with a digital signature, which prevents their modification on production machines.

According to the official PHP documentation:

Phar can compress individual files or an entire archive using gzip compression or bzip2 compression and can verify archive integrity automatically through the use of MD5, SHA-1, SHA-256 or SHA-512 signatures….
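The signing feature described above, as an added example that is not code from the Sucuri post: a script that builds a small Phar, signs it with SHA-512, reads the signature metadata back, and enforces a policy that rejects the weaker MD5 and SHA-1 algorithms the extension also accepts. The payload, the scratch path under `sys_get_temp_dir()` and the `ALLOWED_HASH_TYPES` policy list are all assumptions of this example.

```php
<?php
// Added example (not from the Sucuri post): build a Phar, sign it with
// SHA-512, and enforce a policy that rejects weak signature algorithms.
// Run with:  php -d phar.readonly=0 phar_sign_check.php
// (phar.readonly cannot be switched off at runtime once php.ini sets it to 1.)

declare(strict_types=1);

// Signature algorithms this (assumed) policy considers acceptable. MD5 and
// SHA-1 are still accepted by the Phar extension, so the check must be explicit.
const ALLOWED_HASH_TYPES = ['SHA-256', 'SHA-512', 'OpenSSL'];

function buildSignedPhar(string $path): void
{
    if (file_exists($path)) {
        unlink($path);
    }
    $phar = new Phar($path);
    $phar->startBuffering();
    // Constructed application payload.
    $phar->addFromString('index.php', "<?php\necho \"hello from inside the phar\\n\";\n");
    $phar->setStub($phar->createDefaultStub('index.php'));
    // Choose a strong integrity signature explicitly instead of relying on the default.
    $phar->setSignatureAlgorithm(Phar::SHA512);
    $phar->stopBuffering();
}

/**
 * Returns the signature metadata of an existing archive.
 * Opening the archive already triggers the extension's integrity check,
 * so a tampered archive fails here with a PharException before any policy runs.
 */
function inspectSignature(string $path): array
{
    $phar = new Phar($path);
    $sig = $phar->getSignature();   // ['hash' => hex string, 'hash_type' => 'SHA-512']
    if ($sig === false) {
        throw new RuntimeException("archive is not signed: $path");
    }
    return $sig;
}

/** Policy check: the archive must be signed with an algorithm in ALLOWED_HASH_TYPES. */
function assertStrongSignature(string $path): void
{
    $sig = inspectSignature($path);
    if (!in_array($sig['hash_type'], ALLOWED_HASH_TYPES, true)) {
        throw new RuntimeException(
            "weak or unexpected signature algorithm {$sig['hash_type']} on $path"
        );
    }
}

$path = sys_get_temp_dir() . '/example.phar';   // assumed scratch location
buildSignedPhar($path);
$sig = inspectSignature($path);
printf("%s signed with %s (%s...)\n", basename($path), $sig['hash_type'], substr($sig['hash'], 0, 16));
assertStrongSignature($path);
echo "signature policy OK\n";
```

Two points worth noting for deployment: the hash-based signatures listed in the documentation prove only that the archive has not changed since it was signed, not who signed it, so a deployment gate that cares about origin needs `Phar::OPENSSL` with a private key and the matching public key (`archive.phar.pubkey`) beside the archive; and keeping `phar.readonly=1` on production hosts is what actually blocks in-place modification, since the signature is recomputed whenever a writable archive is changed.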

Continue reading Code Injection in Signed PHP Archives (Phar) at Sucuri Blog.
