Timthumb exploit in WordPress – how to find if you have it

Timthumb.php is not always installed under that name: it is sometimes renamed to thumb.php, thumbnail.php, resize.php, crop.php or something else entirely.

The quickest way to find it is to look inside your theme folder. WordPress itself ships with a thumbnailer that does not have this vulnerability, so you may not have TimThumb at all. It is usually the theme author who decides to use TimThumb to resize images.

If you can’t find it and are still concerned, and you use the cPanel file manager, search your public_html folder for “thumb”.

If you really want to find and update TimThumb.php even if it’s using another name, SSH into your server (if you can) and issue this command (from: http://wordpress.shadowlantern.com/2011/08/timthumb-php-is-vulnerable/), which searches file contents rather than file names:

find ~/public_html -type f -wholename "*wp-content*" -name "*.php" -print0 | xargs -0 grep -Hl "TimThumb"
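The same content-based search, as an added shell example that is not from the original post or the linked page: it uses find -path with -exec in place of -wholename and xargs so an empty result is handled cleanly, builds a constructed wp-content tree with a renamed copy in a temp directory, and reads the VERSION constant that TimThumb 2.x copies declare (the define ('VERSION', ...) layout is an assumption, so check it against your own file).

```bash
#!/bin/sh
# Locate TimThumb copies under a WordPress install, whatever the file is named.
# Usage: find_timthumb /path/to/public_html
find_timthumb() {
    root="$1"
    # Match by content ("TimThumb" inside the PHP source), not by file name,
    # and only under wp-content, where themes and plugins live.
    find "$root" -type f -path '*wp-content*' -name '*.php' \
        -exec grep -l 'TimThumb' {} +
}

# Print the VERSION constant a TimThumb 2.x copy declares (assumed layout:
# define ('VERSION', '2.8.x');), or nothing if the file does not declare one.
timthumb_version() {
    sed -n "s/.*define *( *'VERSION' *, *'\([0-9.]*\)'.*/\1/p" "$1" | head -n 1
}

# Constructed sample tree: one renamed TimThumb copy under a theme, plus an
# unrelated plugin file named thumb.php that a name-only search would flag.
make_demo() {
    d="$1"
    mkdir -p "$d/wp-content/themes/demo/lib" "$d/wp-content/plugins/other"
    printf '%s\n' '<?php' '// TimThumb-derived resizer (constructed sample)' \
        "define ('VERSION', '2.8.10');" \
        > "$d/wp-content/themes/demo/lib/resize.php"
    printf '%s\n' '<?php' '// plain helper, unrelated to the resizer' \
        > "$d/wp-content/plugins/other/thumb.php"
}

# Stand-alone run: build the sample tree and list what the scan finds.
demo_root=$(mktemp -d)
make_demo "$demo_root"
find_timthumb "$demo_root" | while read -r f; do
    printf '%s (VERSION %s)\n' "$f" "$(timthumb_version "$f")"
done
rm -rf "$demo_root"
```

Point find_timthumb at your real document root to get the list of files to compare against the current TimThumb release.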

PS. Here’s the updated TimThumb file that is patched:


