<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr; font-family: Verdana; color: rgb(0, 0, 0); font-size: 13px;">
<div style="">It's also called thumb.php in some bundles... however, other systems do this too.<br>
<br>
$ find /path/to/wordpress -iname "*thumb.php"<br>
<br>
will locate them for you. Then grep each file for "allowedSites" to know if you have a contender.<br>
<br>
(Bonus points for the first person to tell me I'm stupid and modify my find line with "exec" so it does the grep too. ;)<br>
</div>
<div><br>
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Verdana; font-size: 13px;">
<div style="font-size: 13px;">
<div style="font-size: 13px;">
<div style="font-size: 13px;">
<div style="font-size: 13px;"><font size="3"><span style="font-weight: bold;">Josh More</span></font> | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH<br>
<span style="font-weight: bold;">Alliance Technologies</span> | <a href="http://www.AllianceTechnologies.net" style="color: rgb(255, 0, 0);">
www.AllianceTechnologies.net</a><br>
400 Locust St., Suite 840 | Des Moines, IA 50309<br>
515.245.7701 | 888.387.5670 x7701<br>
<br>
Blog: Public attacks are on the rise. Are you protecting yourself?<br>
<a href="http://www.alliancetechnologies.net/blogs/morej" style="color: rgb(255, 0, 0);">http://www.alliancetechnologies.net/blogs/morej</a><br>
<br>
How are we doing? Let us know here:<br>
<a href="http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey">http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey</a><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
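The find line above, extended with -exec so the "allowedSites" grep runs in the same pass, as an added example (my own script, not code from either message in this thread). The WordPress-like directory tree it builds under a temp dir is constructed for the demo, and the file contents are assumptions, not real TimThumb source.

```shell
#!/bin/sh
# Added example, not code from the thread: locate *thumb.php copies under a
# WordPress tree and flag the ones that carry the "allowedSites" marker.
# The demo tree below is constructed and its contents are assumptions.

# Print every *thumb.php (case-insensitive) under $1 that contains the
# allowedSites marker, one path per line, sorted for stable output.
# grep -l prints file names only; '{}' + batches files into few grep calls.
find_timthumb_candidates() {
    find "$1" -type f -iname '*thumb.php' -exec grep -l 'allowedSites' '{}' + | sort
}

# Print every *thumb.php that does NOT contain the marker, so a reviewer can
# still eyeball renamed or modified copies that the grep alone would miss.
find_thumb_without_marker() {
    find "$1" -type f -iname '*thumb.php' -exec grep -L 'allowedSites' '{}' + | sort
}

# Build a constructed WordPress-like tree in a temp dir and echo its path.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/themes/theme-a/scripts" \
             "$root/wp-content/themes/theme-b" \
             "$root/wp-content/plugins/some-plugin"
    # Looks like TimThumb: has the allowedSites array (assumed content).
    printf '<?php\n$allowedSites = array("flickr.com", "picasa.com");\n' \
        > "$root/wp-content/themes/theme-a/scripts/timthumb.php"
    # Bundled under the alternative name with different case: also a hit.
    printf '<?php\n$allowedSites = array();\n' \
        > "$root/wp-content/plugins/some-plugin/Thumb.php"
    # Same filename, unrelated code: must not be reported as a contender.
    printf '<?php\n// home-grown thumbnailer, no remote fetch\n' \
        > "$root/wp-content/themes/theme-b/thumb.php"
    echo "$root"
}

# Usage: sh timthumb-scan.sh /path/to/wordpress
# With no argument, scan the constructed demo tree instead.
if [ $# -gt 0 ]; then
    find_timthumb_candidates "$1"
else
    demo=$(make_demo_tree)
    echo "Contenders (contain allowedSites):"
    find_timthumb_candidates "$demo"
    echo "Same name, no marker (review by hand):"
    find_thumb_without_marker "$demo"
    rm -rf "$demo"
fi
```

Run it against a real install with the document root as the first argument; the second function exists because a renamed or lightly edited copy keeps the file name but may have lost the marker, and those still deserve a look.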
<div style="font-family: Times New Roman; color: rgb(0, 0, 0); font-size: 16px;">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF194878"><font color="#000000" size="2" face="Tahoma"><b>From:</b> cialug-bounces@cialug.org [cialug-bounces@cialug.org] on behalf of Matthew Nuzum [newz@bearfruit.org]<br>
<b>Sent:</b> Thursday, August 04, 2011 16:14<br>
<b>To:</b> dsmwebgeeks; Central Iowa Linux Users Group<br>
<b>Subject:</b> [Cialug] wordpress vulnerability in the wild<br>
</font><br>
</div>
<div></div>
<div>Check your WordPress themes for a file called timthumb.php; it can be exploited to allow people to upload code to your server and hack your website:
<div><a href="http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/" target="_blank">http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/</a><br clear="all">
<br>
</div>
<div>You may not have the file; it's only included in some add-on themes and is not part of WordPress itself. However, it is apparently pretty common.</div>
<div><br>
-- <br>
Matthew Nuzum<br>
newz2000 on freenode, skype, linkedin and twitter<br>
<br>
<p><span>♫</span> You're never fully dressed without a smile! <span>♫</span></p>
<br>
</div>
</div>
</div>
</div>
</body>
</html>