Full Disclosure mailing list archives
Re: Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day)
From: Lukasz Biegaj <l.biegaj () netshock pl>
Date: Tue, 01 Jul 2014 10:10:32 +0200
W dniu 24.06.2014 21:12, Ryan Dewhurst pisze:
Even if webshots is explicitly enabled, it needs two binaries that usually are not available in most installations: http://blog.sucuri.net/2014/06/timthumb-webshot-code-execution-exploit-0-day.html#comment-1454359934I wonder how many WordPress 'assets' (plugins/themes) are affected by this.
I've scanned several dozen of wp installations with various plugins and themes and haven't found any with webshots enabled, though timthumb used often.
-- Łukasz Biegaj NetShock.pl sp.j. - Rozwiązania internetowe _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day) Lukasz Biegaj (Jul 01)