Application : WordPress TimThumb (Theme) Plugin
Versions Affected: 1.* – 1.32 (Only versions 1.19 and 1.32 were tested.)
Exploit : Remote Code Execution
Ease of use : Moderate
Threat Level: High
Fix: Update to latest
ZeroDay : No
Credit: Mark Maunder, MaXe
External Website: http://www.binarymoon.co.uk/projects/timthumb/
What does it mean, do I have to do anything, if so what?
TimThumb is a PHP script that resizes images and is bundled with many WordPress themes. It fetches the file named in its src parameter and stores it in a cache directory, but it does not verify that what it fetched is actually an image. An attacker can therefore get a PHP file written into the cache instead of an image and then request it, so the code runs on your web server. A PHP shell planted this way gives the attacker everything the web server user can do, which is normally enough to take over the site.
Check whether your WordPress theme ships TimThumb. If it does, delete it or upgrade it to the latest version. From the root of your WordPress install you can search with a command like this -
find . -type f -name '*.php' -exec grep -sil timthumb {} +
to list the files. Some themes rename the file (often to thumb.php), but because this searches file contents rather than file names it will find those copies too.
What happens if I leave it?
Expect the server to be compromised: an unpatched copy can be exploited with nothing more than a crafted web request, and once a PHP shell is in place the attacker can do anything the web server user can.
If you need further information on securing your server call us.