What To Do When You Find Out The Programming Language You Use Allows People To Perform A Shell Code?

As a programmer, you know that there are a lot of programming languages for you to use out there. When the average person sees a program on the computer they have no idea how it was created and what it was made from. But you as a programmer know. A lot of the time you can tell how it moves and how it performs by what language it was written in. Not all of the time but a good amount of the time you can tell. This is especially true if it is a language that you have programmed in before.


There is a good reason why there are so many languages out there. People like to work in many different ways and there is no one programming language that covers all of those cases. There are some programming languages that allow you to look at the code like it is normal everyday objects and you put it together like a puzzle. There are other programming languages that take a more mathematical approach. Depending on the type of person you are will depend on which of these language types you use the most.

But the one thing about programming languages is that no matter which one you use, they are all based on the same underlying structure. That means that they all boil down to machines code that will allow the processor to be able to translate the instructions. And since they all boil down to the same machine code that means that they could all have the possibility of having some type of security hole in them.

While it may be true that all programming languages have a chance to have a serious security bug in them, and they all do at one point or another, what is not true is the rate at which they get them. Some programming languages have more security holes than others. It is the way that they were created that allows this to happen. A lot of the time the holes come from features that seemed like a good idea at the time but in the future turned out to be not so great of an idea. One of the main languages that is like this is the PHP programming language.

Just recently it was found out that there was a serious remote exploit poc in the wild that was against the modern version of PHP (hunt around http://packetstormsecurity.org if you want to find out more). In one of the functions that is central to the language, you are able to run a piece of shell code that will allow the attacker to take over your server. While you cannot stop holes from showing up when it comes to the base programming language that you use, you can turn a critical eye to programming languages that this seems to always happen to.

The PHP programming language has to take a more serious look when it comes to security. While it has taken great strides from where it used to be, that is still not enough. There are still way too many security holes being found for the criticism to stop now. PHP is one of the most widely used languages in the world so the security of the language has to be emphasized more than others.

When it comes to programming languages, you have to be sure that what you are using is safe. And if it does have problems you need to be able to identify the problems early on so you can avoid them if you are still going to use the language.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. I still prefer using PHP than other script. In my opinion PHP still the best script even there are some problem sometimes.

  2. Actually, im not expert on PHP script, but im sure in PHP has some disadvantage as any other script has. All Script has disadvantage and advantage it self, just what we prefer to do with, it the more important.

  3. Frederick says:

    This is such a nice and useful information for us… i appreciate urs work… much good security advices here everday

  4. This is really a good piece of information but will be more valuable if you put some example and solution of those problems

Speak Your Mind