I am trying to upload remotely a php file into a web page, it has TimThumb version : 1.28 with the well known timthumb.php vurnable file. but after I upload the php file when I open it from its cache it doesnt execute! I dont know what stops it from executing! I saw the changes they made in the timthumb.php where they add .txt to every file that goes into the cache folder, but it was added in a newer version not in this version, so I am really confused what stops it from executing! By the way this is just for learning purpose.
Share
If the file’s named
whatever.php.txton the server, then it’s going to be seen as a TEXT file by the server, not a PHP file, and served up as such. You could tell the server to treat .txt files as PHP files, which’d run the file+code through the PHP interpreter, but then you’ve simply re-opened the security hole that timthumb patched with the.txtaddition.e.g. you’d still be vulnerable to remote hacks.