Wordpress Themes - WP Forum at BFA
Click Here To DONATE! Support the theme development, get more attention and additional benefits based on your donation level. Your forum name will be highlighted.

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme » New Versions, & Updating »

?bfa_ata_file=css Source Code Disclosure


Build custom WP THEMES, without
coding. Click here for THEMEFRAME
From the author of Atahualpa, the #1 most
downloaded (700,000+) theme @ wordpress.org
  #1  
Old Jul 3, 2011, 08:51 AM
KatyDigg
 
302 posts · Jul 2009
Diamond Member - Level 3 
Hi Folks!

WP 3.1.4

ATA 3.6.7

> All 3.6.7 Bug Fixes employed.

> CSS is set to External.

I've just had scan result from WebsiteDefender:

ALERT Source code disclosure (http://www.xxxxxx/?bfa_ata_file=css)


http://www.xxxxxx/?bfa_ata_file=css
<?php bloginfo('template_directory');?>


Source code patterns were found on this page. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks.


EDIT:

1) On 3.6.4. site(s) - having run WebsiteDefender - this issue does not occur.

2) Only, seemingly, occurs on 3.6.7 site (with the 3.6.7 bug fixes employed).



[By the way, I have NOT, ever, used the plugins AddThis, WP Touch or W3 Total Cache - on any site]
__________________
Uniform Server | Wins 7 | Linux | WP 3.5.1 | ThemeFrame 1.2.5 | ATA 3.7.10 | Firefox | Chrome | Safari | Opera | IE 9
Last edited by KatyDigg; Jul 4, 2011 at 02:54 AM. Reason: update - edit in
  #2  
Old Jul 4, 2011, 06:01 AM
juggledad's Avatar
juggledad
 
19,973 posts · Mar 2009
OSX 10.6.8/10.7.3 WP 2.8.x/2.9.x/3.x Atahualpa 3.5.x/3.7.x Safari 5.x Firefox 11 XP
Gold Member 
was the site in 3.6.4 using CSS external or internal?
  #3  
Old Jul 4, 2011, 07:29 AM
KatyDigg
 
302 posts · Jul 2009
Diamond Member - Level 3 
Quote:
Originally Posted by juggledad
was the site in 3.6.4 using CSS external or internal?
Ah, good point, Juggledad, I'll away and find out right now.

EDIT:

Actually, just had a look and the 3.6.4 site is using CSS inline/internal.
__________________
Uniform Server | Wins 7 | Linux | WP 3.5.1 | ThemeFrame 1.2.5 | ATA 3.7.10 | Firefox | Chrome | Safari | Opera | IE 9
Last edited by KatyDigg; Jul 4, 2011 at 07:37 AM. Reason: 3.6.4 site is using CSS inline/internal
  #4  
Old Jul 11, 2011, 03:38 AM
KatyDigg
 
302 posts · Jul 2009
Diamond Member - Level 3 
Simply wish to include this reference link, so as to come back to later.


CSS all dumped into the <head> of the files. Why?



.
__________________
Uniform Server | Wins 7 | Linux | WP 3.5.1 | ThemeFrame 1.2.5 | ATA 3.7.10 | Firefox | Chrome | Safari | Opera | IE 9

Bookmarks

Tags
css, source code disclosure, websitedefender, wp security scan

« Help! Update fine on site, but WP Admin messed up | [SOLVED] Post Layout Pro plugin not working »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with editing source code... RJelley Atahualpa 3 Wordpress theme 5 Mar 22, 2011 12:05 PM
[SOLVED] Source code prooffairy Plugins & Atahualpa 2 Nov 9, 2010 09:12 AM
How do I splice two images into one header in the atahualpa source code? carlos123 Header configuration & styling 4 Aug 15, 2010 03:12 PM
Output HTML source code is bloated islandman Header configuration & styling 3 Sep 18, 2009 09:38 AM
Style from source to CSS stylesheet file? kartun11 Atahualpa 3 Wordpress theme 3 Feb 12, 2009 04:35 PM


All times are GMT -6. The time now is 09:06 AM.

Contact Us - Terms & Conditions - WordPress Themes Forum @ BFA - Privacy Statement - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.