Wordpress Themes - WP Forum at BFA
Click here to register or to donate.
Auto self-registration is not available here - far too many spammers. This forum has many, many backlinks and because of that there is an intense desire among spammers to drop their links here.

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme » New Versions, & Updating »

?bfa_ata_file=css Source Code Disclosure

Old Jul 3, 2011, 08:51 AM
KatyDigg's Avatar
319 posts · Jul 2009
Hi Folks!

WP 3.1.4

ATA 3.6.7

> All 3.6.7 Bug Fixes employed.

> CSS is set to External.

I've just had scan result from WebsiteDefender:

ALERT Source code disclosure (http://www.xxxxxx/?bfa_ata_file=css)

<?php bloginfo('template_directory');?>

Source code patterns were found on this page. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks.


1) On 3.6.4. site(s) - having run WebsiteDefender - this issue does not occur.

2) Only, seemingly, occurs on 3.6.7 site (with the 3.6.7 bug fixes employed).

[By the way, I have NOT, ever, used the plugins AddThis, WP Touch or W3 Total Cache - on any site]

Last edited by KatyDigg; Jul 4, 2011 at 02:54 AM. Reason: update - edit in
Old Jul 4, 2011, 06:01 AM
juggledad's Avatar
23,682 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
was the site in 3.6.4 using CSS external or internal?
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
Old Jul 4, 2011, 07:29 AM
KatyDigg's Avatar
319 posts · Jul 2009
Originally Posted by juggledad
was the site in 3.6.4 using CSS external or internal?
Ah, good point, Juggledad, I'll away and find out right now.


Actually, just had a look and the 3.6.4 site is using CSS inline/internal.

Last edited by KatyDigg; Jul 4, 2011 at 07:37 AM. Reason: 3.6.4 site is using CSS inline/internal
Old Jul 11, 2011, 03:38 AM
KatyDigg's Avatar
319 posts · Jul 2009
Simply wish to include this reference link, so as to come back to later.

CSS all dumped into the <head> of the files. Why?



css, source code disclosure, websitedefender, wp security scan

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with editing source code... RJelley Atahualpa 3 Wordpress theme 5 Mar 22, 2011 12:05 PM
[SOLVED] Source code prooffairy Plugins & Atahualpa 2 Nov 9, 2010 09:12 AM
How do I splice two images into one header in the atahualpa source code? carlos123 Header configuration & styling 4 Aug 15, 2010 03:12 PM
Output HTML source code is bloated islandman Header configuration & styling 3 Sep 18, 2009 09:38 AM
Style from source to CSS stylesheet file? kartun11 Atahualpa 3 Wordpress theme 3 Feb 12, 2009 04:35 PM

All times are GMT -6. The time now is 07:42 PM.

Powered by vBulletin® Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.