Skip to content
/ vulnerable_phpThumb Public

A simple python script which tries to find domains that still use vulnerable phpThumb versions.

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

connar/vulnerable_phpThumb

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
find_phpThumb.py
find_phpThumb.py
 
 

Repository files navigation

What is this about

This is a script I made which scrapes the web using dorks to find domains that still use vulnerable versions of the phpThumb php script.

What is phpThumb

phpThumb is basically a PHP script that provides image resizing, cropping, and manipulation capabilities for web applications when loading images basically. It is often used as a server-side image processing solution to generate thumbnails, resize images, apply filters, and perform other image-related tasks dynamically.

Vulns

Turns out specific versions of this php script are vulnerable to RCE and SSRF. Specifically:

  • versions ranging from 1.7.9 and bellow are vulnerable to RCE (CVE-2010-1598).
  • version 1.7.12 is vulnerable to SSRF (CVE-2013-6919).

Output example

Running the script we get a table with some of the domains found, their phpThumb versions (if found) and the vulnerability that they probably have: image

About

A simple python script which tries to find domains that still use vulnerable phpThumb versions.

Topics

python rce bugbounty ssrf google-dorks dork googlesearch phpthumb cve-2010-1598 cve-2013-6919

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Packages

No packages published

Languages