timthumb.php shouldn't leak version info

qiaofan / timthumb

Automatically exported from code.google.com/p/timthumb

0 stars 0 forks source link

timthumb.php shouldn't leak version info #215

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. Visit timthumb.php with no arguments
2. Note that the version # is output

This makes it trivial to scan for vulnerable versions, and doesn't really add 
anything. 

timthumb.php should not output version information. 

Patch attached.

Original issue reported on code.google.com by leewilli...@gmail.com on 2 Aug 2011 at 7:05

Attachments:

less_leakage.txt

GoogleCodeExporter commented 8 years ago

Less aggressive patch.

Original comment by leewilli...@gmail.com on 2 Aug 2011 at 7:09

Attachments:

less_leakage.txt

GoogleCodeExporter commented 8 years ago

fixed - thanks for the suggestion

Original comment by BinaryMoon on 3 Aug 2011 at 5:32

Changed state: Fixed