Search…

X3 Photo Gallery Support Forums

Search…
 
grimurnet
Experienced
Topic Author
Posts: 360
Joined: 17 Dec 2010, 04:50

timthumb.php

27 Aug 2011, 05:57

Hi, I was wondering if there is a file named timthumb.php in imagevue?
Because I got a e-mail from my host, telling me they found exploitable timthumb.php
They said it has to be updated to fix this issue.

"The timthumb.php file is a script commonly used in WordPress's (and other software's) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser high-jacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a "Malicious Website" by Google or other security authorities."
 
grimurnet
Experienced
Topic Author
Posts: 360
Joined: 17 Dec 2010, 04:50

Re: timthumb.php

27 Aug 2011, 08:17

grimurnet wrote:Hi, I was wondering if there is a file named timthumb.php in imagevue?
Because I got a e-mail from my host, telling me they found exploitable timthumb.php
They said it has to be updated to fix this issue.

"The timthumb.php file is a script commonly used in WordPress's (and other software's) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser high-jacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a "Malicious Website" by Google or other security authorities."
Sorry guys, it doesn't seem to be connected to imagevue, I found it in my wordpress setup. I used a ssh search command and found the bastard :-)
Hope you didn't have to go through all your files to search this issue
 
User avatar
Nick
Imagevue Hitman
Posts: 2872
Joined: 02 May 2006, 09:13

Re: timthumb.php

02 Sep 2011, 11:25

Timthumb is a 3rd-party script used by many Wordpress themes to create thumbnails. This is not connected to Imagevue.
firedev.com