
timthumb.php, an image-resizing utility bundled with many WordPress themes, is vulnerable to loading arbitrary PHP code.
The script's configuration lists several trusted domains (flickr.com, picasa.com, blogger.com, wordpress.com, img.youtube.com, upload.wikimedia.org, photobucket.com) from which it is allowed to fetch images.
Because the passed parameters are insufficiently validated, a web shell can be placed on the server by creating, under an attacker-controlled host, subdomains that carry the names from the trusted-domain list. That is, timthumb.php considers a link such as blogger.com.hackersite.com/webshell.php legitimate and fetches that script onto the server.
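As an added illustration (not TimThumb's own code), a simplified version of the kind of substring host check described above, beside an anchored check on the parsed host; hackersite.com is the page's placeholder host and the sample URLs are constructed:

```php
<?php
// Added illustration, not TimThumb's code: a substring match lets any URL
// that merely *contains* a trusted domain pass; an anchored suffix check
// on the parsed host does not.
$allowedSites = array(
    'flickr.com', 'picasa.com', 'blogger.com', 'wordpress.com',
    'img.youtube.com', 'upload.wikimedia.org', 'photobucket.com',
);

// Weak check (simplified reconstruction of the flawed logic):
// "does the URL contain a trusted domain anywhere?"
function isAllowedWeak($src, array $allowedSites) {
    foreach ($allowedSites as $site) {
        if (strpos(strtolower($src), $site) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: parse the URL, require http(s), and accept the host only
// if it equals a trusted domain or ends with ".<trusted domain>".
function isAllowedStrict($src, array $allowedSites) {
    $parts = parse_url($src);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    $host = strtolower(trim($parts['host'], '.'));
    foreach ($allowedSites as $site) {
        // exact match, or host ends with ".<site>" (a genuine subdomain)
        if ($host === $site || substr($host, -strlen(".$site")) === ".$site") {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs; "hackersite.com" stands for an attacker host.
$urls = array(
    'http://farm1.flickr.com/photo.jpg',        // legitimate subdomain
    'http://blogger.com.hackersite.com/x.php',  // trusted name as a prefix
    'http://hackersite.com/blogger.com/x.php',  // trusted name in the path
);
foreach ($urls as $u) {
    printf("%-45s weak=%s strict=%s\n", $u,
        isAllowedWeak($u, $allowedSites) ? 'allow' : 'deny',
        isAllowedStrict($u, $allowedSites) ? 'allow' : 'deny');
}
```

The weak check allows all three URLs; the strict one allows only the first.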
The vulnerability was discovered by Mark Maunder after his own blog was compromised.
A patched timthumb.php has been released.