> -----Original Message-----
> From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of
> Daniel Brown
> Sent: Thursday, May 31, 2012 1:52 PM
> To: Tedd Sperling
> Cc: php-general General
> Subject: Re: [PHP] cyberweaponry
> On Thu, May 31, 2012 at 1:21 PM, Tedd Sperling <t...@sperling.com> wrote:
> > So, my question to the group -- has PHP produced any viruses? If not,
> it? If so, can anyone elaborate on the details?
> To my own memory, viruses by definition, no. However, with that said,
> there's tons of PHP malware, including self-replicating worms that target
> certain vulnerabilities (such as known exploits in versions of WordPress).
> fact, one of the most common PHP-scripted attacks on the web is against an
> individual script, which has been packaged in with many other PHP
> applications - including WordPress - over the years. The script, known as
> TimThumb, has an extremely well-known vulnerability in past versions,
> are still in widespread use today.
Just to be clear, WordPress core never included TimThumb. It was included in
some Premium themes and various plugins (still is in some plugins). A lot of
the vulnerabilities found in TimThumb have been patched however, the main
issue with it has been the loading of files from external websites and then
caching them on the server where the instance of WP resides. Just wanted to
make sure we don't create a panic.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php