Aug 5, 2011

Zero Day in TimThumb | Risk for many WordPress Blogs


The flaw is in an image utility called TimThumb, which is used in a LOT of premium themes to generate thumbnails on the fly; you can check it out (and grab the latest version) here
Attackers are exploiting a widely used extension for the WordPress publishing platform to take control of vulnerable websites, one of the victims has warned.
The vulnerability affects virtually all websites that have an image-resizing utility called TimThumb running with WordPress, Mark Maunder, CEO of Seattle-based Feedjit, wrote in a post published Monday. The extension is “inherently insecure” because it makes it easy for hackers to execute malicious code on websites that use it. At least two websites have already been compromised, he reported.
Maunder said he found the vulnerability after discovering his own website, markmaunder.com, was suddenly and inexplicably loading advertisements, even though the blog wasn’t configured to do so.
After a thorough investigation, he learned that an attacker had used TimThumb to load a PHP file into one of his site directories and then execute it. The utility, he said, by default allows files to be remotely loaded and resized from blogger.com, wordpress.com, and five other websites and doesn’t vet URLs for malicious strings, making it possible to upload malicious payloads.
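As an added illustration (not the article's or TimThumb's own code), here is the shape of the problem the article describes: a remote-source check that trusts the URL string versus one that parses the host and then checks the fetched bytes. That the weak check matched allowed site names as substrings is an assumption; the allowlist, magic bytes and probe URLs are constructed.

```python
from urllib.parse import urlparse

# Constructed allowlist in the spirit of the article (blogger.com, wordpress.com
# and a few more); the real TimThumb list and its exact check are not on this page.
ALLOWED_HOSTS = ("blogger.com", "wordpress.com", "img.youtube.com")

# Magic bytes of the image formats a thumbnailer should accept (constructed set).
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")


def weak_is_allowed(url: str) -> bool:
    """Hypothetical weak check: passes any URL that merely *contains* an allowed name.

    A lookalike host, or an allowed name in the query string, slips through.
    """
    lowered = url.lower()
    return any(host in lowered for host in ALLOWED_HOSTS)


def strict_is_allowed(url: str) -> bool:
    """Hardened check: parse the URL and match the hostname exactly or as a subdomain."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    host = parsed.hostname.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def looks_like_image(data: bytes) -> bool:
    """Second gate: refuse fetched bytes that do not start like an image, whatever the URL said."""
    return any(data.startswith(magic) for magic in IMAGE_MAGIC)


def accept_remote_source(url: str, data: bytes) -> bool:
    """Both gates must pass before the fetched file is written to disk or processed."""
    return strict_is_allowed(url) and looks_like_image(data)


if __name__ == "__main__":
    # Constructed probes: a genuine source, a lookalike host, and an allowed name in the query.
    for u in ("http://blogger.com/a.jpg",
              "http://blogger.com.example.invalid/a.php",
              "http://example.invalid/get?src=wordpress.com"):
        print(f"{u}: weak={weak_is_allowed(u)} strict={strict_is_allowed(u)}")
```

Only the last probe pattern is the one the article blames; the content gate is the extra check that keeps a non-image from ever being saved even if the host check is later bypassed.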
One of the first people to be hit was a WordPress developer himself (which is a good thing, as it means we get a quick fix). A new, more secure version is (hopefully) in the works, and the developer has pushed out some quick fixes to the current version to make it harder to exploit.
You can grab the latest TimThumb.php code here:
There are also a lot more details on how to fix the problem on Mark Maunder's blog.

Via - Darknet
