trojanx15

Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-d

Jul 12th, 2014
WordPress TimThumb 2.8.13 WebShot - Remote Code Execution (0-day)


[+] Description
============================================================
TimThumb is a small PHP script for cropping, zooming and resizing web
images (jpg, png, gif). Perfect for use on blogs and other applications.
Developed for use in the WordPress theme Mimbo Pro, and since used in many
other WordPress themes.

http://www.binarymoon.co.uk/projects/timthumb/
https://code.google.com/p/timthumb/

The original project, WordThumb 1.07, is also vulnerable
(https://code.google.com/p/wordthumb/).
Both share exactly the same WebShot code, and several projects
ship with "timthumb.php", such as:
Wordpress Gallery Plugin
https://wordpress.org/plugins/wordpress-gallery-plugin/
IGIT Posts Slider Widget
http://wordpress.org/plugins/igit-posts-slider-widget/

All themes from http://themify.me/ contain the vulnerable "wordthumb" in
"<theme-name>/themify/img.php".

exploit : http://q9r.me/mbcz
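
An added example, not part of the paste or of the TimThumb project: a local audit script that finds bundled copies by content rather than by file name, since the paste notes that copies ship both as "timthumb.php" and as "<theme-name>/themify/img.php". The VERSION and WEBSHOT_ENABLED define() markers are assumptions about the TimThumb/WordThumb source, and the directory tree in demo() is constructed.

```python
import re
import tempfile
from pathlib import Path

# Markers assumed from the public TimThumb/WordThumb source; they are not in the paste.
SIGNATURE = re.compile(r"timthumb|wordthumb", re.I)
VERSION = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]")
WEBSHOT = re.compile(r"define\s*\(\s*['\"]WEBSHOT_ENABLED['\"]\s*,\s*(true|false|[01])\b", re.I)


def inspect_file(path):
    """Return a finding for a file that looks like a TimThumb/WordThumb copy, else None."""
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return None
    version = VERSION.search(text)
    if not (SIGNATURE.search(text) and version and "WEBSHOT_ENABLED" in text):
        return None
    flag = WEBSHOT.search(text)
    enabled = bool(flag) and flag.group(1).lower() in ("true", "1")
    return {"path": str(path), "version": version.group(1), "webshot_enabled": enabled}


def scan(root):
    """Match on content, not file name: bundled copies get renamed (themify/img.php)."""
    found = (inspect_file(p) for p in sorted(Path(root).rglob("*.php")) if p.is_file())
    return [f for f in found if f]


def demo():
    samples = {  # constructed sample tree; file bodies are stand-ins, not real plugin code
        "wp-content/plugins/igit-posts-slider-widget/timthumb.php":
            "<?php /* TimThumb */ define ('VERSION', '2.8.13');\n"
            "if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', true);\n",
        "wp-content/themes/example-theme/themify/img.php":
            "<?php /* WordThumb */ define ('VERSION', '1.07');\n"
            "if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false);\n",
        "wp-content/themes/example-theme/index.php": "<?php get_header();\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return [(Path(f["path"]).name, f["version"], f["webshot_enabled"]) for f in scan(tmp)]


if __name__ == "__main__":
    print(demo())
```

Point scan() at a WordPress document root to inventory every bundled copy. The flag is read only from the script file itself, so a value set elsewhere is not reflected in the result.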