Recently a new high-risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is “a small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.”
TimThumb is included in a lot of WordPress plugins and themes (free and paid). Exploiting this vulnerability, an attacker can upload and execute a PHP file
of his choice on a vulnerable website. Here is the vulnerable code.
By default the script allows fetching files from a list of trusted external domains specified below:
// external domains that are allowed to be displayed on your website
$allowedSites = array (
It should not be possible to fetch files from any other external domain. However, the check is flawed: it can be bypassed with a domain such as blogger.com.hacker.com, which passes the check but actually belongs to hacker.com, making the script exploitable.
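The following is an added example, not TimThumb's own code: a minimal model of the allowed-domain check and a hardened replacement. The substring test is an assumption about how the flawed check behaved; the allow-list and sample URLs are constructed for illustration.

```php
<?php
// Hypothetical allow-list in the same style as TimThumb's $allowedSites.
$allowedSites = array('flickr.com', 'blogger.com', 'wordpress.com');

// Flawed (assumed model): "does an allowed site name appear anywhere in the URL?"
// Any host that merely contains an allowed name passes, including
// blogger.com.hacker.com, whose registered domain is hacker.com.
function isAllowedFlawed($src, array $allowedSites) {
    foreach ($allowedSites as $site) {
        if (strpos(strtolower($src), $site) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened: extract the host and require it to equal an allowed domain, or to
// end with ".<allowed domain>" (a dot must sit on the label boundary).
function isAllowedStrict($src, array $allowedSites) {
    $host = parse_url($src, PHP_URL_HOST);
    if ($host === false || $host === null || $host === '') {
        return false;                       // unparseable or relative URL: deny
    }
    $host = strtolower($host);
    foreach ($allowedSites as $site) {
        $site = strtolower($site);
        if ($host === $site) {
            return true;
        }
        $suffix = '.' . $site;
        $len = strlen($suffix);
        if (strlen($host) > $len && substr($host, -$len) === $suffix) {
            return true;                    // genuine subdomain of an allowed site
        }
    }
    return false;
}

// Constructed sample inputs: legitimate images and the bypass pattern from the post.
$samples = array(
    'http://blogger.com/img/photo.jpg'       => 'legitimate',
    'http://img.blogger.com/photo.jpg'       => 'legitimate subdomain',
    'http://blogger.com.hacker.com/load.php' => 'attacker-controlled host',
);
foreach ($samples as $url => $label) {
    printf("%-40s %-24s flawed=%-5s strict=%s\n", $url, $label,
        isAllowedFlawed($url, $allowedSites) ? 'allow' : 'deny',
        isAllowedStrict($url, $allowedSites) ? 'allow' : 'deny');
}
```

The flawed check allows all three URLs, while the strict check denies the third; in a deployment, a mismatch between the two on live request logs is a useful signal that the bypass is being attempted.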
Hackers are already exploiting this vulnerability in the wild (for example, we’ve seen instances of this script being used in exploits: hxxp://blogger.com.zoha.vn/db/load.php).
Source: websitedefender.com