[Cialug] wordpress vulnerability in the wild

Josh More MoreJ at alliancetechnologies.net
Thu Aug 4 16:15:13 CDT 2011


It's also called thumb.php in some bundles... however, other systems do this too.

$ find /path/to/wordpress -iname "*thumb.php"

will locate them for you.  Then grep each file for "allowedSites" to know if you have a contender.

(Bonus points for the first person to tell me I'm stupid and modify my find line with "exec" so it does the grep too.  ;)

Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
Alliance Technologies | www.AllianceTechnologies.net
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701

Blog: Public attacks are on the rise.  Are you protecting yourself?
http://www.alliancetechnologies.net/blogs/morej

How are we doing? Let us know here:
http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
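The find-then-grep check from Josh's message, folded into a single `find -exec` pass (the "bonus points" variant he invites), as an added example that is not from the thread or from the timthumb project. The WordPress-like directory tree and the placeholder PHP bodies are constructed here so it runs offline; only the `*thumb.php` name pattern and the `allowedSites` marker come from the messages above.

```shell
#!/bin/sh
# Scan a WordPress tree for timthumb-style files (thumb.php, timthumb.php, ...)
# and report only those that contain the "allowedSites" array named in the thread.
# One find -exec pass does the grep, instead of grepping each hit by hand.
find_timthumb_candidates() {
    root="$1"
    # -iname catches thumb.php, timthumb.php, TimThumb.php ...; grep -l prints
    # only matching paths; '+' batches the files into as few grep calls as possible.
    find "$root" -type f -iname '*thumb.php' -exec grep -l 'allowedSites' {} + 2>/dev/null | sort
}

# Build a constructed WordPress-like tree in a temp dir (constructed sample data;
# the PHP bodies are placeholders, not real timthumb code).
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-content/themes/theme-a/scripts" \
             "$dir/wp-content/themes/theme-b" \
             "$dir/wp-content/plugins/gallery"
    # Candidate: timthumb.php carrying an allowedSites list.
    printf '<?php\n$allowedSites = array("flickr.com");\n' \
        > "$dir/wp-content/themes/theme-a/scripts/timthumb.php"
    # Candidate: renamed bundle copy (thumb.php) with the same marker.
    printf '<?php\n$allowedSites = array();\n' \
        > "$dir/wp-content/themes/theme-b/thumb.php"
    # Same filename but an unrelated thumbnail helper: no allowedSites, so skipped.
    printf '<?php\necho "thumbnail";\n' \
        > "$dir/wp-content/plugins/gallery/thumb.php"
    # Mentions allowedSites but has the wrong filename: skipped by -iname.
    printf '<?php\n$allowedSites = 1;\n' > "$dir/wp-content/themes/theme-b/functions.php"
    printf '%s\n' "$dir"
}

# Self-check helper: number of candidates found in the constructed tree (expected: 2).
count_sample_candidates() {
    tree=$(make_sample_tree)
    n=$(find_timthumb_candidates "$tree" | wc -l)
    rm -rf "$tree"
    echo "$n" | tr -d ' '
}
```

Run `find_timthumb_candidates /path/to/wordpress` against a real install; every path it prints is a file worth inspecting or updating.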
________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Matthew Nuzum [newz at bearfruit.org]
Sent: Thursday, August 04, 2011 16:14
To: dsmwebgeeks; Central Iowa Linux Users Group
Subject: [Cialug] wordpress vulnerability in the wild

Check your WordPress themes for a file called timthumb.php; it can be exploited to allow people to upload code to your server and hack your website:
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

You may not have the file; it's only included in some add-on themes and is not part of WordPress itself. However, it is apparently pretty common.

--
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter


♫ You're never fully dressed without a smile! ♫
