
Update to the latest timthumb.php file on your WordPress site

I came across a recent security vulnerability while working on my client's WordPress website yesterday. It's in the timthumb.php file, a script commonly used in WordPress's (and other software's) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser hijacking and infection, data harvesting and more. After a site has been exploited, it may end up labeled a "Malicious Website" by Google or other security authorities.

Any timthumb.php file below version 1.35 but above version 1.09 is considered vulnerable unless patched. To avoid being compromised, it's advisable to update all instances of timthumb.php to version 2.0, or to patch the existing vulnerable files. Note that patching the files requires more in-depth knowledge of the PHP scripting language.
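As an added example (not part of the original post), here is a small POSIX shell script that lists every timthumb.php under a WordPress install and flags the copies whose version falls in the range described above as vulnerable. It assumes each copy declares its version with a line of the form `define ('VERSION', '1.34');`, as timthumb.php does; copies with no such line are reported as unknown so they can be checked by hand.

```shell
#!/bin/sh
# Added example (not from the post): find every timthumb.php under a WordPress
# directory and flag copies whose version is in the range the post describes
# as vulnerable (above 1.09 and below 1.35).
# Assumption: timthumb.php declares its version as  define ('VERSION', '1.34');

# Print the VERSION constant of one file, or nothing if it is not declared.
timthumb_version() {
    sed -n "s/.*define *( *'VERSION' *, *'\([0-9][0-9.]*\)'.*/\1/p" "$1" | head -n 1
}

# Map "major.minor[.patch]" to an integer (major*1000 + minor) for comparison;
# timthumb uses two-digit minors (1.09, 1.34), so this orders them correctly.
version_key() {
    printf '%s\n' "$1" | awk -F. '{ printf "%d", $1 * 1000 + $2 }'
}

# Classify a version string as vulnerable, ok, or unknown (no version found).
classify_version() {
    [ -n "$1" ] || { echo unknown; return 0; }
    k=$(version_key "$1")
    if [ "$k" -gt "$(version_key 1.09)" ] && [ "$k" -lt "$(version_key 1.35)" ]; then
        echo vulnerable
    else
        echo ok
    fi
}

# Walk a WordPress install (default: current directory) and report each copy
# as: <status> <version or none> <path>
scan_timthumb() {
    root="${1:-.}"
    find "$root" -type f -name 'timthumb.php' | while read -r f; do
        v=$(timthumb_version "$f")
        printf '%s\t%s\t%s\n' "$(classify_version "$v")" "${v:-none}" "$f"
    done
}

# Usage: sh check_timthumb.sh /path/to/wordpress
if [ $# -gt 0 ]; then scan_timthumb "$1"; fi
```

Anything reported as vulnerable or unknown should be replaced with the current timthumb.php before the site is considered safe.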

The updated version of timthumb.php can be found here:

http://timthumb.googlecode.com/svn/trunk/timthumb.php

Additional information regarding the compromise can be found at the following two websites:

http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
http://redleg-redleg.blogspot.com/2011/08/malware-hosted-newportalsecom.html

Happy Blogging :-)
