0Day Vulnerability in WordPress themes

timthumb.php, an image-resizing utility bundled with many WordPress themes, is vulnerable to arbitrary PHP code upload.

Its configuration contains a list of domains from which it is allowed to fetch images:

  • flickr.com
  • picasa.com
  • blogger.com
  • wordpress.com
  • img.youtube.com
  • upload.wikimedia.org
  • photobucket.com

Because the domain check is not applied to the hostname properly, a PHP shell can be uploaded to the target WordPress blog. In other words, timthumb.php treats a link such as blogger.com.hackersite.com/webshell.php as legitimate and fetches the script onto the server.

The vulnerability was found by Mark Maunder after his own blog was hacked.

P.S. A patched version can be downloaded from here: patched timthumb.php
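To make the flaw concrete, here is an added example (not the timthumb.php source and not Mark Maunder's patch) that contrasts a loose check, which looks for an allowed name anywhere in the URL string, with a strict check that parses the URL and matches only the host component against the allowlist. The loose function is a simplified reconstruction of the behaviour the post describes, the sample URLs are constructed, and `attacker.example` is a placeholder hostname.

```php
<?php
// Added example: allowlist matching on the URL host vs. a substring search
// over the whole URL. Not the original timthumb.php code.

$allowedDomains = [
    'flickr.com', 'picasa.com', 'blogger.com', 'wordpress.com',
    'img.youtube.com', 'upload.wikimedia.org', 'photobucket.com',
];

// Loose check (reconstruction of the described flaw): accepts any URL that
// merely contains an allowed name somewhere, whether in host, path or query.
function naiveHostAllowed(string $url, array $allowed): bool {
    $lower = strtolower($url);
    foreach ($allowed as $domain) {
        if (strpos($lower, strtolower($domain)) !== false) {
            return true;
        }
    }
    return false;
}

// Strict check: parse the URL, require http(s), and accept only when the
// host equals an allowed domain or is a subdomain of one. The leading dot
// in $suffix enforces the label boundary, so "blogger.com.attacker.example"
// does not match "blogger.com".
function strictHostAllowed(string $url, array $allowed): bool {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowed as $domain) {
        $domain = strtolower($domain);
        if ($host === $domain) {
            return true;
        }
        $suffix = '.' . $domain;
        if (strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs; attacker.example is a placeholder, not a real site.
$samples = [
    'http://img.youtube.com/vi/abc/0.jpg',              // allowed host
    'http://farm1.flickr.com/photo.jpg',                // subdomain of an allowed host
    'http://blogger.com.attacker.example/webshell.php', // allowed name as a prefix of another host
    'http://attacker.example/flickr.com/x.php',         // allowed name only in the path
    'http://attacker.example/?u=wordpress.com',         // allowed name only in the query string
];

foreach ($samples as $url) {
    printf("%-52s naive=%-5s strict=%s\n", $url,
        naiveHostAllowed($url, $allowedDomains) ? 'true' : 'false',
        strictHostAllowed($url, $allowedDomains) ? 'true' : 'false');
}
```

The first two URLs pass both checks; the last three pass only the loose one. Hostname matching is a necessary fix but not a sufficient one for a remote-fetch feature: even an allowlisted host can serve a file that is not an image, so the fetched bytes should also be verified as an image (and stored with a non-executable extension) before being written under the web root.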
