Wordpress Themes - WP Forum at BFA

Wordpress Themes - WP Forum at BFA (http://forum.bytesforall.com/index.php)
-   New Versions, & Updating (http://forum.bytesforall.com/forumdisplay.php?f=12)
-   -   Source code disclosure (http://forum.bytesforall.com/showthread.php?t=15667)

kletskater Oct 16, 2011 12:44 PM

Source code disclosure
 
Source code disclosure (http://www.xxxxxxx.nl/?bfa_ata_file=css)

Repeated alert: this alert was first issued on 7 Oct 2011 09:49:55 PM. You need to resolve or ignore this alert.

Source code patterns were found on this page. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks.

Alert details

http://www.xxxxxxx.nl/?bfa_ata_file=css

Source code

<?php bloginfo('template_directory');?>

Solution
It is recommended to prevent this information from being displayed to the user.

I am using WP 3.2.1 and ata 3.7.1(unattended)how can I secure ata from potentional hacking?

juggledad Oct 16, 2011 01:16 PM

This is how the theme accesses the CSS when you set ATO->Configure CSS & JS->CSS: External file or inline? TO 'EXTERNAL'

kletskater Oct 16, 2011 01:55 PM

thanks juggledad for your quick responce..
I changed the css and js settings(can't remember setting them on external)


All times are GMT -6. The time now is 09:03 AM.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.