[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day)

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day)
From: Lukasz Biegaj <l.biegaj@xxxxxxxxxxx>
Date: Tue, 01 Jul 2014 10:10:32 +0200

W dniu 24.06.2014 21:12, Ryan Dewhurst pisze:

I wonder how many WordPress 'assets' (plugins/themes) are affected by this.

Even if webshots is explicitly enabled, it needs two binaries thatusually are not available in most installations:http://blog.sucuri.net/2014/06/timthumb-webshot-code-execution-exploit-0-day.html#comment-1454359934

I've scanned several dozen of wp installations with various plugins andthemes and haven't found any with webshots enabled, though timthumb usedoften.


--
Łukasz Biegaj
NetShock.pl sp.j. - Rozwiązania internetowe


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] IDGuard v0.60
Next by Date: Re: [FD] AV scan on read vs write debate....
Previous by thread: [FD] IDGuard v0.60
Next by thread: Re: [FD] AV scan on read vs write debate....
Index(es):
- Date
- Thread