Zero Day Vulnerability in timthumb.php is the main problem

Published on February 15, 2012 By Anti-Malware Admin


I was able to find and trace one of the hacks back to a thumb.php file. This turned out to be an old version (1.08, 1.14, etc.) of the popular TimThumb script. It turned out there were a lot of old TimThumb scripts on the server. Many were found in plugins and others were in themes.

I wrote a script to identify old TimThumb files and upgrade them automatically. Now it looks like we finally have a secure server again.
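
The post does not include the script it mentions. The sketch below is an added example, not the author's code, showing one way to inventory outdated TimThumb copies by content rather than by file name. It assumes each copy mentions "TimThumb" and declares its release in a `define('VERSION', ...)` line; the `2.0` threshold, the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the script declares its release as define('VERSION', 'x.y').
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]""")

def parse_version(text):
    """Turn '1.08' into (1, 8) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def find_old_timthumb(root, min_version):
    """Return sorted (relative path, version) pairs for copies older than min_version."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Match on content, not name: copies ship as thumb.php, timthumb.php, etc.
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    head = fh.read(65536)  # the version define sits near the top
            except OSError:
                continue  # unreadable file, skip it
            match = VERSION_RE.search(head)
            if "timthumb" not in head.lower() or match is None:
                continue
            if parse_version(match.group(1)) < parse_version(min_version):
                hits.append((os.path.relpath(path, root), match.group(1)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout; 1.08 and 1.14 are the versions named in the post."""
    samples = {
        "wp-content/themes/demo-theme/thumb.php": "1.08",
        "wp-content/plugins/demo-plugin/timthumb.php": "1.14",
        "wp-content/themes/current-theme/timthumb.php": "9.9",  # constructed newer copy
    }
    for rel, version in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("<?php\n/* TimThumb (constructed sample) */\ndefine ('VERSION', '%s');\n" % version)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        # "2.0" is a placeholder threshold; use the release your advisory names.
        for rel, version in find_old_timthumb(root, "2.0"):
            print(version, rel)
```
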