UPDATE: WordThumb has now been merged into TimThumb and has become TimThumb 2.0. Please head over to the TimThumb site now for updates and to get the code.
The latest version of wordthumb (just uploaded) uses a public cache again (the same place timthumb does) because many system temporary folders are not writeable.
This public cache is part of what caused the timthumb vulnerability, so I’ve made it more secure as follows:
- Using a .txt extension for all files so servers won’t execute the files when accessed.
- Using an MD5 salt so attackers can't predict what the filenames are, to make things a little harder. On a badly configured server they could still get a directory index and access files that way.
- Added a <?php die(); ?> to the start of every file cached. That way if a hacker manages to guess a filename and for some reason the server decides to execute a .txt file, as a last resort it will simply die.
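An added illustration of the three measures in this list (not WordThumb's or TimThumb's own code); the cache directory, the per-install salt and the function names are assumptions:

```php
<?php
// Illustration of the cache hardening described above. Not TimThumb/WordThumb
// code; CACHE_DIR, CACHE_SALT and the function names are assumed.

define('CACHE_DIR', __DIR__ . '/cache');           // assumed public cache directory
define('CACHE_SALT', 'change-me-per-install');      // assumed per-install secret
define('CACHE_PREFIX', "<?php die(); ?>\n");        // guard written to every file

// Derive the cache filename: the salt stops anyone who knows the source URL
// from predicting the name, and .txt keeps the server from executing it.
function cacheFilename(string $sourceUrl, array $params): string {
    $key = md5(CACHE_SALT . $sourceUrl . serialize($params));
    return CACHE_DIR . '/' . $key . '.txt';
}

// Store image bytes with the die() guard prepended.
function cachePut(string $sourceUrl, array $params, string $imageBytes): string {
    if (!is_dir(CACHE_DIR)) {
        mkdir(CACHE_DIR, 0755, true);
    }
    $path = cacheFilename($sourceUrl, $params);
    // Write to a temporary .txt name and rename so readers never see a partial file.
    $tmp = CACHE_DIR . '/' . uniqid('tmp', true) . '.txt';
    file_put_contents($tmp, CACHE_PREFIX . $imageBytes);
    rename($tmp, $path);
    return $path;
}

// Read image bytes back, stripping the guard and checking it is still intact.
function cacheGet(string $sourceUrl, array $params): ?string {
    $path = cacheFilename($sourceUrl, $params);
    if (!is_file($path)) {
        return null;
    }
    $data = file_get_contents($path);
    $len  = strlen(CACHE_PREFIX);
    if (substr($data, 0, $len) !== CACHE_PREFIX) {
        // No guard means this script did not write the file: discard, do not serve.
        unlink($path);
        return null;
    }
    return substr($data, $len);
}

// Usage with a constructed sample payload (not a real image).
$bytes = "\x89PNG\r\n\x1a\n" . 'constructed sample payload';
cachePut('http://example.com/photo.png', ['w' => 100, 'h' => 80], $bytes);
$served = cacheGet('http://example.com/photo.png', ['w' => 100, 'h' => 80]);
var_dump($served === $bytes); // true: the guard is stripped before serving
```

The guard prefix must be stripped on every read, otherwise the served image starts with PHP source and browsers will reject it.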