
TimThumb Exploit and Fix Package Tim-Scan

This is a HUGE EXPLOIT, first discovered at the start of August 2011. It affects timthumb.php up to version 1.33. TimThumb is a PHP image-resizing script that is used by thousands of websites and is included in a lot of WordPress themes. Basically, if a hacker finds a vulnerable version of this script on your site, they can run their own PHP on your server, which means they can do almost anything: steal your whole database, deface or delete your site, or hijack it for spam.

The Exploit

This is surprisingly simple. I must admit that after reading about the exploit I decided to see if I could re-create it, and started by trying to fool the script into thinking my .php file was an image by changing the MIME type; that didn't work. I then tried inserting some PHP code at the end of a small image, and had some success with that, but then I realised it is even simpler than that.

The whole reason for the exploit is that the script allows you to use images from a few other sites, such as flickr.com and picasa.com, but the check on these domains is easily fooled: it only looks for the allowed domain name as a substring of the URL rather than checking the actual host. So you could throw together a few sub-domains and have http://flickr.com.thebaddies.com/MyBadFile.php. If you then tell timthumb.php to use that as an image, it will first copy the file to a /temp/ folder and then throw the error "Unable to open image"; that error message gives away the location of the copied PHP file, and you can go and execute it. (I'm leaving out a little detail so Joe Bloggs can't do it to his mate Dave's site.)
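To make the bypass concrete, here is an added example (written for this page, not code from the original post or from timthumb.php). It reproduces in Python the shape of the 1.x remote-image check as the post describes it, a substring match of the allowed site name against the requested URL, beside a check that parses the URL and compares the real host. The substring behaviour, the two-entry allowed list and the cache-naming helper are assumptions for illustration, not a line-for-line port of the PHP.

```python
"""How the TimThumb allowed-sites check was bypassed, and a stricter check.

Added example written for this page; not code from the original post or
from timthumb.php. The "vulnerable" check is a Python stand-in for the 1.x
behaviour the post describes: the allowed site name is looked for as a
substring of the requested URL, so any host that merely *contains*
"flickr.com" passes. That substring behaviour is an assumption consistent
with the post's sub-domain bypass.
"""
import hashlib
from urllib.parse import urlsplit

# Remote hosts the resizer may fetch from. The post names these two;
# the real list in timthumb.php is longer (assumed list).
ALLOWED_SITES = ["flickr.com", "picasa.com"]


def is_allowed_vulnerable(src: str) -> bool:
    """Broken 1.x-style check: an allowed name anywhere in the URL passes.

    Bypassed by http://flickr.com.thebaddies.com/MyBadFile.php (sub-domain),
    http://thebaddies.com/flickr.com/x.php (path) and
    http://flickr.com@thebaddies.com/x.php (userinfo).
    """
    lowered = src.lower()
    return any(site in lowered for site in ALLOWED_SITES)


def is_allowed_fixed(src: str) -> bool:
    """Parse the URL and compare the real host name, not the whole string.

    The host must equal an allowed site or be a sub-domain of one, so
    farm1.flickr.com is accepted and flickr.com.thebaddies.com is not.
    """
    parts = urlsplit(src)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower().rstrip(".")
    return any(host == site or host.endswith("." + site) for site in ALLOWED_SITES)


def cache_filename(src: str) -> str:
    """Second defence: never keep the remote file's extension.

    The post's exploit needs the fetched file to land in a web-readable temp
    folder still named MyBadFile.php. Naming cached copies by a hash with a
    fixed, non-executable extension (an assumed scheme, not timthumb's own)
    means a file that slips past the host check still cannot run as PHP.
    """
    return "external_" + hashlib.sha256(src.encode("utf-8")).hexdigest() + ".img"


if __name__ == "__main__":
    for url in (
        "http://farm1.flickr.com/1234/photo.jpg",
        "http://flickr.com.thebaddies.com/MyBadFile.php",
        "http://thebaddies.com/flickr.com/x.php",
        "http://flickr.com@thebaddies.com/x.php",
    ):
        print(f"{url:48} vulnerable={is_allowed_vulnerable(url)!s:5} "
              f"fixed={is_allowed_fixed(url)}")
```

The point of the second function is that the allow-list has to be applied to the parsed host, and the comparison has to be anchored at the right-hand end of the host name; a substring or prefix match on the raw URL is defeated by sub-domains, by path components and by the userinfo part of the URL alike.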

I run a load of WordPress sites, and after having a go at the exploit and realising how easy it was, I wrote a script to check for vulnerable versions and update them, and also to scan for any nasty code left behind by hackers.

If you are interested, my script is available here ~> http://code.google.com/p/timthumb-updater/downloads/list
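For readers who want to see what such a check involves, here is an added example scanner (written for this page; it is not the Tim-Scan script linked above and it does not update anything). It walks a WordPress tree, reads the VERSION define from each timthumb.php, flags versions at or below 1.33 as the post describes, and lists .php files found in a temp or cache folder, which is where the post says the exploit leaves the attacker's file. The alternate file name thumb.php, the folder names, the define format and the sample tree are all assumptions; the sample tree is constructed in the code, not real data.

```python
"""Find vulnerable TimThumb copies and dropped PHP in its temp folder.

Added example written for this page; not the Tim-Scan script from the post.
Assumptions: the script may also be named thumb.php, its version lives in
a PHP define ('VERSION', '...') line, its temp folder is called "temp" or
"cache", and 1.33 is the last vulnerable version (as the post states).
"""
import os
import re
import tempfile
from typing import List, Optional, Tuple

TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}
CACHE_DIR_NAMES = {"temp", "cache"}
LAST_VULNERABLE = (1, 33)  # "up to version 1.33" per the post
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]""", re.I)


def parse_version(source: str) -> Optional[Tuple[int, ...]]:
    """Pull the VERSION define out of a timthumb.php source text."""
    m = VERSION_RE.search(source)
    if not m:
        return None
    try:
        return tuple(int(p) for p in m.group(1).strip(".").split("."))
    except ValueError:
        return None


def is_vulnerable(version: Optional[Tuple[int, ...]]) -> bool:
    """Unknown versions are treated as vulnerable: a false alarm is cheaper."""
    return version is None or version <= LAST_VULNERABLE


def scan(root: str) -> List[Tuple[str, str, str]]:
    """Return sorted (relative path, finding, detail) tuples for a tree."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        in_cache_dir = os.path.basename(dirpath).lower() in CACHE_DIR_NAMES
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() in TIMTHUMB_NAMES:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    ver = parse_version(fh.read())
                if is_vulnerable(ver):
                    shown = "unknown" if ver is None else ".".join(map(str, ver))
                    findings.append((rel, "vulnerable-timthumb", shown))
            elif in_cache_dir and name.lower().endswith(".php"):
                # A PHP file in the resizer's temp/cache folder is exactly what
                # the exploit leaves behind; nothing legitimate should be there.
                findings.append((rel, "php-in-temp", name))
    return sorted(findings)


def build_demo_tree() -> str:
    """Constructed sample wp-content tree used to exercise scan()."""
    root = tempfile.mkdtemp(prefix="timscan-")
    files = {
        "themes/oldtheme/timthumb.php": "<?php\ndefine ('VERSION', '1.19');\n",
        "themes/renamed/thumb.php": "<?php\ndefine('VERSION', \"1.33\");\n",
        "themes/patched/timthumb.php": "<?php\ndefine ('VERSION', '2.8.10');\n",
        "themes/oldtheme/temp/external_1a2b.php":
            "<?php /* constructed stand-in for a dropped script */\n",
        "themes/oldtheme/temp/external_3c4d.jpg": "constructed, not a real image\n",
        "themes/patched/cache/index.html": "<!-- constructed -->\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, kind, detail in scan(build_demo_tree()):
        print(f"{kind:20} {rel}  ({detail})")
```

Run it against a real document root by calling scan() with that path instead of the constructed tree. Treat the temp-folder check as a heuristic: it is a cheap way to spot the exact artefact the post describes, not a full malware scan of the site.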

EDIT* I have added a video with basic instructions, as requested…

6 Responses to “TimThumb Exploit and Fix Package Tim-Scan”

  1. Andy says:

    Just used your script and it worked a treat – excellent job and thanks :-)

  2. Tom says:

    For the witless, could you give a tutorial on how to use the script?

  3. Stiofan says:

    Hi Tom, I have added a video with instructions. Please also download the latest version (1.2); it's easier to use.
    Thanks,

    Stiofan

  4. Stiofan, thanks for writing this script for us non-programmer guys! I became aware of the Tim Thumb Exploit just today when I got an email from my hosting company stating they had patched 3 files but I was responsible for making sure there were no other exploits. Your script made it very easy. I ended up finding 4 other themes where tim-thumb.php had to be patched. Thanks again, you saved me an incredible amount of time!

  5. Jan says:

    Thanks Stiofan, it works great. Nice to have a way to check if the new timthumb was really working.

  6. ric says:

    Works great, thank you.
