Researchers Say PHP SuperGlobal Variables Are Critical Security Risks
The biggest culprit in the PHP universe may be a set of nine variables called SuperGlobals that provide programmers with development flexibility yet introduce dangerous vulnerabilities that allow attackers to externally modify these variables and run code of their choosing, conduct remote file inclusion, or bypass intrusion detection signatures.
Research released today by Imperva calls for a ban on SuperGlobal variables, vulnerabilities in which can be exploited to break application logic and hack servers hosting the wonky code. The result could be anything from fraud against online banking customers to loss of personal data.