Zero Day Vulnerability in many WordPress Themes
If you are using a theme that re-sizes images then you are most likely using a version of TimThumb.php.
There is a fix.... URL: http://markmaunder.com/2011/zero-day...dpress-themes/
================
Update: Ben, the developer of timthumb, has been in contact and is working on a fix. His own site was hacked Friday using the same method. I've submitted a tiny patch and if you're a solid PHP hacker it'd be great if you could eyeball the code with us and submit a patch (really easy to do on Google Code) if you spot any other opportunities for cleanup (there are many). Given enough eyeballs... you know the quote.
The Exec summary: An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php, as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven't audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and subdirs for the base64_decode function and look out for long encoded strings to check if you've been compromised.
http://markmaunder.com/2011/zero-day...dpress-themes/
Bump fixed mine up, thanks
I don't use it.
Thanks for this.
Thanks for the heads up, man. :-)
Thanks, had it on a couple blogs.
A lot of Themeforest authors rely on TimThumb heavily instead of using WP built-in functions. Definitely check your Themeforest themes for timthumb.php.
Quote:
Everybody pretty much uses this script or modifies it a bit. Well, at least I now know how to exploit a WordPress site using TimThumb.
Discussion on Google Code seems to be ongoing about whether the fix is good enough or not.
http://code.google.com/p/timthumb/issues/detail?id=212
Sucks for you guys...
When will the day come when WP won't need updates?
Either way, personally, I couldn't care less; I haven't used TimThumb since, like, 4 years ago. It was nice and OK if you didn't mind the look of your site, but it gets very random results. WP's built-in image features might not be as complete, but they're 100 times better :2 cents:
Dumb question here... but is there a quick way to search my WP installs for this file? I know it's not one I have installed as a plugin but as said many themes and plugins use it that I may not be aware of.
Quote:
Code:
ssh:
find ./ -name timthumb.php
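Following on from the find command above and the grep-for-base64_decode advice in the first post, here is an added Python scanner (not code from the thread or from TimThumb) that does both checks in one pass: it lists every timthumb.php under a WordPress root and flags base64_decode() calls whose encoded argument is unusually long. The sample directory tree it builds and the 100-character length threshold are constructed assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Heuristic from the post: base64_decode() applied to a long encoded string is a
# common sign of injected PHP. The 100-character threshold is an assumption.
BASE64_DECODE_RE = re.compile(
    r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]{100,})['\"]\s*\)")

def find_timthumb(root):
    """Return every file named timthumb.php (any case) under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "timthumb.php":
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def scan_suspicious_base64(root):
    """Return (path, line_no, payload_length) for long base64_decode() arguments in PHP files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    for m in BASE64_DECODE_RE.finditer(line):
                        findings.append((path, line_no, len(m.group(1))))
    return findings

def build_sample_tree():
    """Constructed WordPress-like tree for a stand-alone run; not real theme code."""
    theme = Path(tempfile.mkdtemp(prefix="wp-scan-"), "wp-content", "themes", "demo")
    (theme / "cache").mkdir(parents=True)
    (theme / "timthumb.php").write_text("<?php // stand-in for the resizer ?>\n")
    # Short, legitimate-looking decode: must NOT be flagged.
    (theme / "functions.php").write_text("<?php echo base64_decode('aGVsbG8='); ?>\n")
    # Constructed long payload standing in for a backdoor dropped into the cache dir.
    (theme / "cache" / "x.php").write_text(
        "<?php eval(base64_decode('" + "QUFB" * 40 + "')); ?>\n")
    return str(theme.parents[2])

if __name__ == "__main__":
    sample = build_sample_tree()
    print(find_timthumb(sample))
    print(scan_suspicious_base64(sample))
```

Run it against a real install with `find_timthumb("/var/www/html")` and `scan_suspicious_base64("/var/www/html")`; every flagged file still needs a manual look, since a long encoded string is a lead, not proof of compromise.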
Luckily, I don't have timthumb.php on my server.
http://code.google.com/p/timthumb/so...k/timthumb.php and then secured it by http://markmaunder.com/2011/zero-day...dpress-themes/. Thanks guys.
Quote:
Code:
stat /var/lib/mlocate/mlocate.db
Yeah, mine is 8 hours+ old ...
No, a LINUX ...
I have dozens that may use TimThumb :helpme: not going to be a fun weekend :mad: