Tuesday, July 12, 2011

Timthumb.php …many themes

SkyHi @ Tuesday, July 12, 2011
TimThumb is a PHP script for smart image resizing used by many WordPress themes; TimThumb versions 1.24 and lower have numerous vulnerabilities.
Since TimThumb is bundled by many commercial and free theme makers, this exploit easily affects thousands of sites.

Fix: Check your timthumb.php file, usually found in one of your theme's subdirectories. The version number is in the file under
define ('VERSION', '1.23');
Download the latest timthumb.php from the link below and replace your copy if its version is below 1.25.
Exploit Type: XSS, DoS.
Version: TimThumb 1.24
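A defender's check for the fix described above, added here as an example that is not part of the original post or of the TimThumb project: it walks a themes directory, finds every timthumb.php, reads the define ('VERSION', ...) line in the form shown above, and reports each copy whose version is below the 1.25 cut-off the post gives. The directory layout (wp-content/themes) and the exact spacing of the define line are assumptions; a file with no readable VERSION is reported as outdated on purpose, since an unidentifiable copy should be replaced rather than trusted.

```shell
#!/bin/sh
# Added example, not the original post's or TimThumb's code.
# Scans a directory tree for timthumb.php copies older than 1.25.

# Print the VERSION constant of one timthumb.php, or "unknown" when
# the file carries no "define ('VERSION', 'x.y');" line.
timthumb_version() {
    sed -n "s/.*define *( *'VERSION' *, *'\([0-9.]*\)' *).*/\1/p" "$1" \
        | head -n 1 | grep . || echo unknown
}

# Succeed (exit 0) when the given version is below the fixed 1.25.
# An "unknown" version is treated as outdated so it is never skipped.
version_below_fixed() {
    [ "$1" = "unknown" ] && return 0
    awk -v v="$1" -v fixed="1.25" 'BEGIN {
        n = split(v, a, "."); m = split(fixed, b, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            x = (i <= n) ? a[i] + 0 : 0   # missing components count as 0
            y = (i <= m) ? b[i] + 0 : 0
            if (x < y) exit 0             # older than the fix
            if (x > y) exit 1             # newer than the fix
        }
        exit 1                            # equal to the fix
    }'
}

# Walk a themes directory (assumed layout: wp-content/themes) and print
# one line per timthumb.php copy, marking outdated ones VULNERABLE.
scan_themes() {
    find "$1" -type f -name 'timthumb.php' | while read -r f; do
        v=$(timthumb_version "$f")
        if version_below_fixed "$v"; then
            echo "VULNERABLE  $f (version $v)"
        else
            echo "ok          $f (version $v)"
        fi
    done
}

# Usage: sh check-timthumb.sh /var/www/html/wp-content/themes
if [ $# -gt 0 ]; then
    scan_themes "$1"
fi
```

Run it against the themes directory of each WordPress install; every line marked VULNERABLE is a copy to replace with the current download linked below. Because theme authors often rename or nest the script, the scan matches on file name only, so a renamed copy would need a separate grep for the VERSION define.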

Credit: http://websecurity.com.ua
Reference: http://packetstormsecurity.org/files/view/100411/timthumb-xssdisclosedos.txt
Download: http://code.google.com/p/timthumb/