Wordpress precondition failed
Posted by Technical Manager on 23 April 2015 10:49 AM

Mass infection of WordPress sites due to TimThumb

Recently a new high-risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is a small PHP script for cropping, zooming and resizing web images (jpg, png, gif), well suited to blogs and other applications.
 
TimThumb is included in a lot of WordPress plugins and themes (free and paid). By exploiting this vulnerability an attacker can upload and execute a PHP file of his choice on a vulnerable website.
 
By default the script only allows fetching files from a list of trusted external domains, specified as follows:
// external domains that are allowed to be displayed on your website
$allowedSites = array (
	'flickr.com',
	'picasa.com',
	'blogger.com',
	'wordpress.com',
	'img.youtube.com',
);
It should not be possible to fetch files from any other external domain. However, the check is flawed: it can be bypassed with a hostname such as blogger.com.hacker.com, which passes the check but actually belongs to hacker.com, making the script exploitable.
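The following is an added example, not TimThumb's own code or the Anti Malware plugin's. It places a substring-style host check, which models the weakness described above, beside a strict check that only accepts an exact allowed domain or a subdomain of it separated by a dot. The sample URLs are constructed; the bypass hostname is the one from the article. Note that a correct allowlist only restricts where files are fetched from: a defender should still verify that the fetched content really is an image and keep any cache directory in a location where PHP execution is disabled.

```php
<?php
// Added example (not TimThumb's own code): a substring-style host check
// next to an exact/suffix host check, run over constructed sample URLs.

$allowedSites = array(
    'flickr.com',
    'picasa.com',
    'blogger.com',
    'wordpress.com',
    'img.youtube.com',
);

// Flawed check: an allowed domain merely has to APPEAR somewhere in the host.
// This models the weakness the article describes; it is not the original source.
function host_allowed_substring(string $url, array $allowedSites): bool
{
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    foreach ($allowedSites as $site) {
        if (strpos($host, strtolower($site)) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: the scheme must be http or https, URLs carrying userinfo
// (user:pass@host) are refused, and the host must equal an allowed domain
// or end with "." followed by an allowed domain.
function host_allowed_strict(string $url, array $allowedSites): bool
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowedSites as $site) {
        $site = strtolower($site);
        if ($host === $site) {
            return true;
        }
        $suffix = '.' . $site;
        if (strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs: the first two are legitimate sources, the third is
// the bypass pattern from the article, the fourth hides an allowed name in
// the userinfo part of the URL.
$samples = array(
    'http://img.youtube.com/vi/abc/0.jpg',
    'http://farm1.flickr.com/photo.jpg',
    'http://blogger.com.hacker.com/shell.php',
    'http://blogger.com@hacker.com/shell.php',
);

foreach ($samples as $url) {
    printf("%-45s substring=%s strict=%s\n", $url,
        host_allowed_substring($url, $allowedSites) ? 'allow' : 'deny',
        host_allowed_strict($url, $allowedSites) ? 'allow' : 'deny');
}
```

Run with `php example.php`: the substring check allows all four sample URLs, while the strict check allows only the first two. The suffix comparison insists on a leading dot so that a name like "notflickr.com" cannot match "flickr.com", and the length test prevents the bare suffix from matching itself.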
 
Hackers are already exploiting this vulnerability in the wild and there are thousands of sites hacked.

Does the Anti Malware plugin protect against this vulnerability?

Yes. All requests made in order to exploit this vulnerability are denied with a "Precondition Failed" error message.

WordPress sites that contain a vulnerable copy of TimThumb are therefore protected while the plugin is active.

If you install the Anti Malware plugin after a site has already been hacked, you should scan your accounts and delete any backdoors or malware that were already installed.
