29th Jun 2014, 01:30 PM #1
TimThumb’s Webshot Zero-Day Receives a Fix
Three days ago, a zero-day vulnerability was discovered in TimThumb, a plug-in used in numerous blogs and applications designed to resize images. Today, the developers have released a fix that can be applied by updating to the latest version (2.8.14) of the utility.
TimThumb is a PHP script that can help with cropping, zooming and resizing JPG, PNG and GIF images into thumbs. Its versatility led to adoption in many WordPress themes.
The vulnerability affected the Webshot feature in TimThumb, which permits taking snapshots of web pages rendered as if grabbed from a web browser and then processes them into screenshots.
Exploiting the security flaw would allow a potential attacker to execute certain commands on the vulnerable website without requiring any authentication. Basically, the intruder would have access to the data stored on the server and be able to add malicious code to be served to unsuspecting visitors.
Daniel Cid of Sucuri has presented the code that could be used by cybercriminals to create and remove any files on the server using the -rm and -touch commands:
“http://vulnerablesite.com/wp-content/plugins/pluginX/timthumb.php?webshot=1&src=http://vulnerablesite.com/$(rm$IFS/tmp/a.txt)
http://vulnerablesite.com/wp-content/plugins/pluginX/timthumb.php??webshot=1&src=http://vulnerablesite.com/$(touch$IFS/tmp/a.txt)”
Only administrators that activated it from the TimThumb script ran the risk of being plundered. Furthermore, even if enabled, executing the Webshot code requires two server-side extensions to be installed.
Also, as soon as the word on the zero-day got out, the obvious fix was to disable the feature, which many hurried to do.
If updating to the latest version of TimThumb is not possible, it is advisable to check if the affected feature is turned on or off; simply open the TimThumb script and look for the “WEBSHOT_ENABLED” string. If found, make sure that it is set to “false.”
There is no information on whether the exploit provided on the Full Disclosure mailing list was successfully used in the wild.
It seems that the public disclosure of the exploit leveraging the security flaw took TimThumb developers by surprise as they received no information about it.
Back in 2011, TimThumb’s security holes were exploited and thousands of WordPress websites were compromised; this was carried out with the Blackhole toolkit that took advantage of the vulnerability in the PHP script and allowed uploading and executing malicious code in the cache directory, which downloaded other malicious files.
Reviewed by Kepler
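Two defender-side checks that follow from the article, written here as an added example (not code from the article or from the TimThumb project): one inspects a copy of timthumb.php for the WEBSHOT_ENABLED define the text tells you to look for, the other scans web-server access logs for requests that switch on webshot and carry shell metacharacters in src, which is what the quoted proof of concept relies on. The log lines and the define-line format are constructed for the example and are assumptions, not the project's own output.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Metacharacters that let a src value reach a shell as something other than a
# URL: command substitution, backticks, separators, and the $IFS whitespace
# trick seen in the public proof of concept.
SHELL_META = re.compile(r"\$\(|`|\$IFS|[;|&]")

# Request line of an Apache/nginx combined-format log entry (assumed format).
REQ_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log entries: a benign resize, the literal PoC, and a
# percent-encoded variant of the PoC.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Jun/2014:13:30:00 +0000] "GET /wp-content/themes/x/timthumb.php?src=http://example.com/a.jpg&w=100 HTTP/1.1" 200 512',
    '203.0.113.5 - - [29/Jun/2014:13:31:00 +0000] "GET /wp-content/plugins/pluginX/timthumb.php?webshot=1&src=http://example.com/$(touch$IFS/tmp/a.txt) HTTP/1.1" 200 0',
    '198.51.100.7 - - [29/Jun/2014:13:32:00 +0000] "GET /wp-content/plugins/pluginX/timthumb.php??webshot=1&src=http%3A%2F%2Fexample.com%2F%24%28rm%24IFS%2Ftmp%2Fa.txt%29 HTTP/1.1" 200 0',
]

def webshot_enabled(php_source: str):
    """True/False for a `define('WEBSHOT_ENABLED', ...)` line in the script,
    or None if no such define is present (then the script's own default
    applies, which the reviewer should confirm in the installed copy)."""
    m = re.search(r"define\s*\(\s*['\"]WEBSHOT_ENABLED['\"]\s*,\s*(true|false)\s*\)",
                  php_source, re.IGNORECASE)
    return None if m is None else m.group(1).lower() == "true"

def suspicious_timthumb_requests(log_lines):
    """Return (line_no, decoded_src) for timthumb.php requests that enable
    webshot and carry shell metacharacters in src. parse_qs percent-decodes,
    so encoded variants of the same payload are caught as well."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("timthumb.php"):
            continue
        # lstrip tolerates the doubled "??" seen in the quoted PoC URL
        qs = parse_qs(parts.query.lstrip("?"), keep_blank_values=True)
        if qs.get("webshot", ["0"])[0] not in ("1", "true"):
            continue
        src = qs.get("src", [""])[0]
        if SHELL_META.search(src):
            hits.append((n, src))
    return hits

if __name__ == "__main__":
    for n, src in suspicious_timthumb_requests(SAMPLE_LOG):
        print(f"line {n}: webshot request with shell metacharacters in src: {src}")
```

Run it over a real access log by replacing SAMPLE_LOG with the file's lines; a hit is worth checking against the cache directory and /tmp for files the request may have created.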