[Cialug] wordpress vulnerability in the wild
Josh More
MoreJ at alliancetechnologies.net
Thu Aug 4 16:15:13 CDT 2011
It's also called thumb.php in some bundles... however, other systems do this too.
$ find /path/to/wordpress -iname "*thumb.php"
will locate them for you. Then grep each file for "allowedSites" to know if you have a contender.
(Bonus points for the first person to tell me I'm stupid and modify my find line with "exec" so it does the grep too. ;)
Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
Alliance Technologies | http://www.AllianceTechnologies.net
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701
Blog: Public attacks are on the rise. Are you protecting yourself?
http://www.alliancetechnologies.net/blogs/morej
How are we doing? Let us know here:
http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
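The check described above (find every *thumb.php under a WordPress tree, then grep each one for "allowedSites"), folded into a single pass with find's -exec, as an added example that is not part of the original post. It assumes only POSIX sh, find and grep; the sample tree it builds is constructed for illustration and is not a real WordPress install.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): locate TimThumb-style
# scripts under a WordPress tree and flag the ones containing "allowedSites".
# Assumes POSIX sh, find and grep; the sample directory layout is constructed.

# find_thumb_candidates DIR
# Prints one path per line for every *thumb.php under DIR whose contents
# mention allowedSites (the marker the post suggests grepping for).
# grep -l prints only matching filenames; "{} +" batches files per grep call.
find_thumb_candidates() {
    find "$1" -type f -iname '*thumb.php' -exec grep -l -i 'allowedSites' {} +
}

# count_candidates DIR: number of flagged files, for a quick yes/no check.
count_candidates() {
    find_thumb_candidates "$1" | wc -l | tr -d ' '
}

# make_sample_tree: builds a constructed WordPress-like tree in a temp dir and
# prints its path. Three lookalike files; only two carry the marker.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/themes/theme-a/scripts" \
             "$root/wp-content/themes/theme-b" \
             "$root/wp-content/plugins/gallery"
    # Constructed stand-in for a bundled copy (only the marker line matters).
    printf '<?php\n$allowedSites = array();\n' \
        > "$root/wp-content/themes/theme-a/scripts/timthumb.php"
    # Constructed renamed copy, as the post notes some bundles ship it.
    printf '<?php\n// thumb resizer\n$allowedSites = array();\n' \
        > "$root/wp-content/themes/theme-b/thumb.php"
    # Constructed unrelated file: similar name, no marker, must not be flagged.
    printf '<?php\necho "no resizer here";\n' \
        > "$root/wp-content/plugins/gallery/mythumb.php"
    printf '%s\n' "$root"
}

# Usage: sh thumbcheck.sh /path/to/wordpress
if [ -n "${1:-}" ]; then
    find_thumb_candidates "$1"
fi
```

Run it against the document root of each site you host; every path it prints is a file to review or remove, while a filename match with no "allowedSites" inside is most likely a false positive of the name-based search. Because find batches files into grep with `{} +`, a tree with thousands of PHP files is scanned in a handful of grep invocations rather than one per file.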
________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Matthew Nuzum [newz at bearfruit.org]
Sent: Thursday, August 04, 2011 16:14
To: dsmwebgeeks; Central Iowa Linux Users Group
Subject: [Cialug] wordpress vulnerability in the wild
Check your WordPress themes for a file called timthumb.php; it can be exploited to allow people to upload code to your server and hack your website:
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/
You may not have the file; it's only included in some add-on themes and is not part of WordPress itself. However, it is apparently pretty common.
--
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter
♫ You're never fully dressed without a smile! ♫