critical zero day wordpress security flaw with timthumb.php

09Aug

critical zero day wordpress security flaw with timthumb.php

by Craig Mayhew on Tue 9th Aug 2011 under General
In a nutshell, timthumb.php is used to resize images in many wordpress themes and it doesn't check images from remote sources to make sure they really are images and not a malicious script.

To fix you need to change $allowed sites to be an empty array.

e.g. $ALLOWED_SITES = array();

An example of what you may initially find:

$ALLOWED_SITES = array (
'flickr.com',
'picasa.com',
'img.youtube.com',
'upload.wikimedia.org',
'photobucket.com',
'imgur.com',
'imageshack.us',
'tinypic.com'
);

If you have been affected then you need to clear out the infection on your server:

Search your wordpress directory for the base64_decode function and make sure you don't have any odd looking long encoded strings anywhere.

wordpress   zero day  




© 2018 Craig Mayhew