Comments for Pixel Bunyip

Comment on How do I deactivate or remove my current Wordpress theme? by Salomon

Salomon — Thu, 17 May 2012 18:41:59 +0000

In order to remove the theme using ftp, in your Wordpress installation folder, browse to wp-content/themes and remove the folder of the theme you are wishing to remove.

In future to smoothly install your blog, use FreeWPInstaller.com

Cheers
References :
http://www.freewpinstaller.com

Comment on How do I deactivate or remove my current Wordpress theme? by Divine.project.team

Divine.project.team — Thu, 17 May 2012 17:55:59 +0000

To do it via FTP, you must connect to the FTP server, where your theme is located. Find your theme folder (usually it is \wp-content\themes) and remove/rename it. Pretty simple)

By the way, you can always create your own Wordpress theme with Divine Elemente.
References :
http://www.divine-project.com/

Comment on How do I deactivate or remove my current Wordpress theme? by Tim

Tim — Thu, 17 May 2012 17:12:59 +0000

There's two ways to change the theme of a wordpress.org site. Either you can log into your dahsboard, go to Appearance, and choose another theme and activate it OR you can go into your website via FTP and rename the current themes folder. This will force WordPress to use the default theme for your installation. I hope this helps!
References :

Comment on TimThumbCraft – Wordpress Theme Vulnerability by Kidde15

Kidde15 — Thu, 17 May 2012 14:34:12 +0000

DnB!
DnB!

Comment on TimThumbCraft – Wordpress Theme Vulnerability by maxel3g3nd

maxel3g3nd — Thu, 17 May 2012 14:33:56 +0000

Python. If you need …
Python. If you need any further help, I suggest you start with the basics, before diving into more advanced exploits like this, where you need to know how it works and why.

Comment on TimThumbCraft – Wordpress Theme Vulnerability by MrMacpluto

MrMacpluto — Thu, 17 May 2012 14:33:37 +0000

maxe is real legend …
maxe is real legend. you are my idol dude.

Comment on TimThumbCraft – Wordpress Theme Vulnerability by nknicracker

nknicracker — Thu, 17 May 2012 14:33:14 +0000

i have an error in …
i have an error in a real case:

remote host “xxx. xxx . com” not allowed
Query String : src= xxx . xxx . com / test.php
TimThumb version : 1.19

Comment on TimThumbCraft – Wordpress Theme Vulnerability by maxel3g3nd

maxel3g3nd — Thu, 17 May 2012 14:33:08 +0000

In this real case, …
In this real case, you haven’t fully understood how this exploit works. The video is simply a short demonstration of the exploit, not a complete tutorial as some things, has been left out for you to discover.

First, I recommend you read the entire blog entry at Exploit-DB. Then read the PoC (which is also located at Exploit-DB).

Then you need to understand, that the PHP file on your server, is executed as PHP, and not shown as raw text which it also has to be.

Comment on TimThumbCraft – Wordpress Theme Vulnerability by maxel3g3nd

maxel3g3nd — Thu, 17 May 2012 14:32:57 +0000

When you’ve …
When you’ve realized all this, you also need to understand, that the webmaster of your target, could easily open timthumb.php, and remove all externally allowed websites, or for that sake, patch it manually. This is why you always test advanced exploits like this locally, before you even attempt to do it on any remote targets (legally AND ethically).

There are also WAF’s (Web Application Firewalls), SPI Firewalls, etc. which can prohibit the exploit from working.

Enjoy!

Comment on TimThumbCraft – Wordpress Theme Vulnerability by nknicracker

nknicracker — Thu, 17 May 2012 14:32:53 +0000

Yes, is the …
Yes, is the Firewall Problem, because the .htaccess is correctly: AddType text/plain .php thx maxel