Message-ID: <005f01cc090a$b3d49c40$0201a8c0@ml>
Date: Mon, 2 May 2011 23:50:42 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk>
Subject: Vulnerabilities in multiple themes for
	ExpressionEngine (update)

Hello list!

It's additional information concerning vulnerabilities in multiple themes 
for ExpressionEngine, which I informed earlier.

Recently Bjorn Borresen, author of ports of WooThemes' themes for 
ExpressionEngine (which was hired by WooThemes for porting their themes for 
this engine), informed me that he made his own version of TimThumb for using 
in EE named Teemthumb. And in this version of web application other 
approaches are used, which makes it immune to this attacks. Which I checked 
after looking to its code (the parameters are passing to the script only in 
code of the templates, i.e. attacks via GET parameters are not possible).

Taking into account that I contacted WooThemes at 6th of March concerning 
their themes for other engines beside WP and they agreed with me (and thus 
confirmed that these themes are vulnerable) and told me nothing that in any 
of their themes non original versions of TimThumb are used, then this 
inaccuracy I leave on their conscience.

So mentioned themes for EE are not vulnerable directly to these attacks, 
unlike mentioned by me themes for WordPress, Drupal and Joomla (and also 
components for Joomla). But these themes for EE can be attacked locally, at 
access to theme editing (so I've gave additional recommendations to the 
author). All other themes for EE, which are using original TimThumb, will be 
vulnerable.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists