WordPress TimThumb RFI Vulnerability used as Botnet Recruitment Vector
On the first of August 2011, Mark Maunder revealed, through a defacement experience, that the “timthumb.php” script, included in hundreds of WordPress themes, was vulnerable to a remote file inclusion (RFI) attack. TimThumb is a small PHP script for cropping, zooming and resizing web images (jpg, png, gif). The default configuration of the “timthumb.php” script, in many WordPress themes, allows …