
How to patch timthumb.php on your WordPress Theme

Do you know about timthumb.php? TimThumb is a PHP script that resizes images and generates thumbnails for a website. It ships inside many WordPress themes, premium themes most of all. Vulnerable versions of timthumb.php let an attacker pull a PHP backdoor (a PHP shell) onto the server through any theme or plugin that bundles it: the fetched file is written to the cache/temp folder inside the theme directory under a name derived from the MD5 of the source URL, so the attacker knows exactly where to request it afterwards. For example:

yoursite.com/wp-content/themes/vuln-themes/timthumb.php << this is the vulnerable file, and this is how it is abused:

yoursite.com/wp-content/themes/vuln-themes/timthumb.php?src=[URL of the attacker's PHP shell]

Now I will show you how to patch this vulnerability. There are four options, from safest to least invasive.

1. Don't use the script at all. This is the best and recommended option for anyone who does not know how to tweak the WordPress theme of their site. Ask your theme developer to remove the TimThumb script from your theme permanently, or find the template files that call timthumb.php, delete those calls, and delete the TimThumb file and its cache directory as well (be careful: take a backup of your theme first).

2. TimThumb is not the only option. There are quite a number of alternatives to consider; for example, a jQuery plugin can resize the images your site already serves, so nothing on the server has to fetch remote files.

3. Patch it. If you must keep TimThumb, first update the script to its latest release. Then open timthumb.php for editing, go to line 27 (in the version this post targets) and remove every entry from $allowedSites. The array must have no elements and should look like this:

//external domains that are allowed to be displayed on your website
$allowedSites = array();

With an empty allow list TimThumb has no external domain it is permitted to fetch from. After saving, request timthumb.php?src= with an image URL on another domain and confirm the script refuses it instead of caching it; if it still fetches, your version treats the list differently and you should fall back to option 1.

4. .htaccess. Open Notepad and put the following two lines in it:

Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

Save the file as .htaccess (all lower case; the name must match exactly on a Linux server) and upload it to TimThumb's cache folder (remember to save as "All Files", not as a text file). With ExecCGI disabled, every file mapped to the cgi-script handler is refused, so PHP and the other scripting extensions listed cannot execute from that folder and anyone requesting them gets a 403 Forbidden. Two caveats: this only works on Apache with .htaccess overrides enabled (AllowOverride must permit Options and FileInfo), and it does nothing on nginx; and it only blocks execution of what lands in the cache, it does not stop the script from fetching the file in the first place, so combine it with option 3 rather than relying on it alone.

Those are the ways to patch the TimThumb vulnerability. I hope this article helps you protect your site from attackers. Need my help? You can talk with me on my Yahoo Messenger: mick_emo_boy@yahoo.com. Glad to help each other.
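Options 3 and 4 are easy to miss on a site with many themes and plugins, since each one may carry its own copy of the script. The script below is an added example, not code from the original post or from the TimThumb project: it locates every PHP file under a WordPress root that declares $allowedSites, reports which copies still list external domains, and writes the .htaccess from option 4 into the cache directory beside each copy. The wp-content layout, the constructed sample files, and the WP_ROOT variable are assumptions for the demonstration; point WP_ROOT at your real document root to run it against a site.

```shell
#!/bin/sh
# Added example (not part of the original post): audit a WordPress tree for
# TimThumb copies, check whether $allowedSites has been emptied (option 3),
# and drop the option-4 .htaccess into every cache/ directory next to a copy.
set -u

# Exact .htaccess body from option 4 of the post.
HTACCESS_BODY='Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi'

# Constructed sample tree so the script runs offline. A real run sets WP_ROOT
# and never calls this. Neither file is the real timthumb.php; they only carry
# the one line the audit looks at.
make_sample_tree() {
  mkdir -p "$1/wp-content/themes/vuln-theme/cache" \
           "$1/wp-content/themes/fixed-theme/cache"
  # Unpatched copy: the allow list still names external hosts.
  cat > "$1/wp-content/themes/vuln-theme/timthumb.php" <<'EOF'
<?php
//external domains that are allowed to be displayed on your website
$allowedSites = array('flickr.com', 'picasa.com', 'blogger.com');
EOF
  # Patched copy: array emptied as option 3 describes.
  cat > "$1/wp-content/themes/fixed-theme/timthumb.php" <<'EOF'
<?php
//external domains that are allowed to be displayed on your website
$allowedSites = array();
EOF
}

# Print every PHP file under the root that declares $allowedSites. Matching on
# content rather than on the name "timthumb.php" also catches renamed copies.
find_timthumb() {
  find "$1" -type f -name '*.php' -exec grep -l 'allowedSites' {} +
}

# Succeed when the file's $allowedSites array has no elements.
# Whitespace around "=", "array" and the parentheses is tolerated.
allowed_sites_empty() {
  grep -Eq '^[[:space:]]*\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*\([[:space:]]*\)[[:space:]]*;' "$1"
}

# Print the copies whose allow list is still populated.
list_unpatched() {
  find_timthumb "$1" | while IFS= read -r f; do
    allowed_sites_empty "$f" || echo "$f"
  done
}

count_unpatched() {
  list_unpatched "$1" | wc -l | tr -d ' '
}

# Write the option-4 .htaccess into one cache directory, creating it if the
# theme has not produced any thumbnails yet.
install_htaccess() {
  mkdir -p "$1"
  printf '%s\n' "$HTACCESS_BODY" > "$1/.htaccess"
}

# Protect the cache/ directory beside every copy and print how many were done.
protect_cache_dirs() {
  find_timthumb "$1" | while IFS= read -r f; do
    install_htaccess "$(dirname "$f")/cache"
  done
  find_timthumb "$1" | wc -l | tr -d ' '
}

# Verify a cache directory carries both lines the post's .htaccess needs.
htaccess_blocks_php() {
  grep -q '^Options -ExecCGI' "$1/.htaccess" &&
    grep -q '^AddHandler cgi-script .*\.php' "$1/.htaccess"
}

# Stand-alone run: use WP_ROOT if the caller set it, else build the sample.
if [ -z "${WP_ROOT:-}" ]; then
  WP_ROOT=$(mktemp -d)
  make_sample_tree "$WP_ROOT"
fi
echo "Copies with a populated \$allowedSites under $WP_ROOT:"
list_unpatched "$WP_ROOT"
echo "cache directories protected: $(protect_cache_dirs "$WP_ROOT")"
```

The audit only proves the allow list is empty on disk; it cannot tell whether the Apache config honours .htaccess, so after running it request a remote image through timthumb.php?src= and a PHP file path inside cache/ and confirm you get a refusal and a 403 respectively.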
