How To Fix The Security Issue in Timthumb

admin — Thu, 18 Aug 2011 15:23:42 +0000

How To Fix The Security Issue in Timthumb

Timthumb is the most popular image re-sizing script used in many WordPress themes and plugins. Recently a security vulnerability was found in it. This security vulnerability allowed anyone to upload any php file into the Timthumb cache directory and execute it to compromise the site.

One way to fix this security issue with timthumb is to NOT use timthumb at all. Just delete it. But make sure that your theme or plugin can work without it.

In case your theme or plugin depend on timthumb heavily and you must use it, then here’s the procedure to fix this security vulnerability.

First download the latest version of timthumb from this link. Rename it from timthumb.php.txt to timthumb.php.

Open this newly downloaded file and make sure that ALLOW_EXTERNAL is set to false.

define( ’ALLOW_EXTERNAL’, false );

Now make sure that the $allowedSites array is empty. In your new timthumb file, you will probably find this code,

$allowedSites = array(
‘flickr.com’,
‘picasa.com’,
‘img.youtube.com’,
);

Replace it with this code,

$allowedSites = array();

Now upload this newly downloaded and modified timhumb.php file on your web server to replace the existing timthumb file with it.

That’s it. Now you can use timthumb script safely. If you have any questions related to the timthumb security vulnerability or the procedure to fix this issue, then post it below.

Amazing kinect hack for wheelchairs

admin — Sun, 05 Jun 2011 19:08:56 +0000

Still has a long way to go, but I love seeing hacks like this. Vision of the future.

Orange County PBX Phone Systems, Business VoIP, Computer Support, Predictive Dialing & Voice Broadcasting

How To Fix The Security Issue in Timthumb

How To Fix The Security Issue in Timthumb

Amazing kinect hack for wheelchairs