Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day)

From: Lukasz Biegaj <l.biegaj () netshock pl>
Date: Tue, 01 Jul 2014 10:10:32 +0200
W dniu 24.06.2014 21:12, Ryan Dewhurst pisze:

I wonder how many WordPress 'assets' (plugins/themes) are affected by this.
Even if webshots is explicitly enabled, it needs two binaries that usually are not available in most installations: http://blog.sucuri.net/2014/06/timthumb-webshot-code-execution-exploit-0-day.html#comment-1454359934
I've scanned several dozen of wp installations with various plugins and themes and haven't found any with webshots enabled, though timthumb used often. 

--
Łukasz Biegaj
NetShock.pl sp.j. - Rozwiązania internetowe


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: