http://www.kriesi.at/support/tags/vulnerability Support Forum - Tag: vulnerability - Recent Posts en-US Sat, 25 May 2013 14:04:20 +0000 http://bbpress.org/?v=1.0.2 q http://www.kriesi.at/support/search.php http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89271 Fri, 21 Dec 2012 19:21:11 +0000 Devin 89271@http://www.kriesi.at/support/ <p>Hi colorit2,</p> <p>The dst_store is a file created by apple. Since Kriesi compiles and works on a Mac it gets added in. See: <a href="http://en.wikipedia.org/wiki/.DS_Store" rel="nofollow">http://en.wikipedia.org/wiki/.DS_Store</a></p> <p>There was a security fix in the most recent version of corona (1.4) so you should definitely download it and update. You can do so by re-downloading the theme from themeforest and then installing the theme in the same way you first installed it.</p> <p>Regards,</p> <p>Devin </p> http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89242 Fri, 21 Dec 2012 13:35:35 +0000 colorit2 89242@http://www.kriesi.at/support/ <p>Here is a PDF (600 kB) made with Fireshot of this theme check:</p> <p><a href="https://www.dropbox.com/s/n0ug942le2z5kmk/ThemeCheck-Corona-Original.pdf" rel="nofollow">https://www.dropbox.com/s/n0ug942le2z5kmk/ThemeCheck-Corona-Original.pdf</a> </p> http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89240 Fri, 21 Dec 2012 13:29:31 +0000 colorit2 89240@http://www.kriesi.at/support/ <p>Hi,</p> <p>due to some security issues at my WP installation I have made beside other things a theme check with this plugin: <a href="http://wordpress.org/extend/plugins/theme-check/" rel="nofollow">http://wordpress.org/extend/plugins/theme-check/</a></p> <p>And there are obviously a lot of issues with CORONA; I'm mostly concerned about the red "warnings" like</p> <p><code> ... base64_encode ... </code></p> <p>in avia-export-class.php for example, fopen, fclose, and why is there a <strong>hidden file/folder ".ds_store"</strong>??<br /> It is in the original CORONA files, freshly downloaded at Themeforest.</p> <p>What is there to do with all these issues concerning the security?<br /> (my WP has been hacked by the "pharma hack" --&gt; <a href="http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php" rel="nofollow">http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php</a></p> <p>And this although I have installed Antivirus, Limit Login Attempts-plugin, several WP security plugins, using strong passwords, having no "admin" user, protecting wp-admin and wp-config.php with .htaccess and having the wp-config.php moved above the WP installation folder etc.</p> <p>So I'm currently checking all security vulnerabilities in my network - and therefor I'm worried about the "theme check" of CORONA.</p> <p>Any suggestions for this?<br /> Thanks a lot! </p> http://www.kriesi.at/support/topic/security-waring#post-54644 Fri, 04 May 2012 13:02:01 +0000 eddygame 54644@http://www.kriesi.at/support/ <p>You're a star Dude - thanks </p> http://www.kriesi.at/support/topic/security-waring#post-54643 Fri, 04 May 2012 13:00:43 +0000 Kriesi 54643@http://www.kriesi.at/support/ <p>Hi! </p> <p> You can already get the update at themeforest, yes.</p> <p>Updating this preview-shortcode-external.php and the dialog.php file within the shortcode folder is sufficient :) </p> <p> Regards,<br /> Kriesi </p> http://www.kriesi.at/support/topic/security-waring#post-54567 Thu, 03 May 2012 20:32:13 +0000 eddygame 54567@http://www.kriesi.at/support/ <p>and one more question... can we pick up the updated themes from themeforest? </p> http://www.kriesi.at/support/topic/security-waring#post-54565 Thu, 03 May 2012 20:24:17 +0000 eddygame 54565@http://www.kriesi.at/support/ <p>Thats great news Kriesi - thanks for update... can you confirm if it's just the file 'preview-shortcode-external.php' that needs replacing or the whole framework folder? </p> http://www.kriesi.at/support/topic/security-waring#post-54548 Thu, 03 May 2012 18:27:36 +0000 Kriesi 54548@http://www.kriesi.at/support/ <p>Ok guys!</p> <p>I have released a patch for all framework themes. I am still not sure if the issue WooThemes is having is directly related to this file but I figured it wouldnt be bad adding some additional security. the files now stops executing is the user is not logged in and doesnt have the capability to edit code.</p> <p>That should fix any holes in the preview system ;)</p> <p>As always you can download the latest version of the themes on themeforest </p> http://www.kriesi.at/support/topic/security-waring#post-54401 Wed, 02 May 2012 19:46:50 +0000 eddygame 54401@http://www.kriesi.at/support/ <p>Yeah! I wouldn't want to be in the woothemes office this week! </p> http://www.kriesi.at/support/topic/security-waring#post-54310 Wed, 02 May 2012 14:00:31 +0000 Kriesi 54310@http://www.kriesi.at/support/ <p>Hey! </p> <p> Will do :)<br /> Since the downtime of woothemes those guys are really busy it seems, so it might be a few more hours until I get an answer from the framework developer :) </p> <p> Best regards,<br /> Kriesi </p> http://www.kriesi.at/support/topic/security-waring#post-54276 Wed, 02 May 2012 08:11:51 +0000 eddygame 54276@http://www.kriesi.at/support/ <p>Thanks for the update Kriesi - please keep us posted on developments. </p> http://www.kriesi.at/support/topic/security-waring#post-54272 Wed, 02 May 2012 07:44:02 +0000 Kriesi 54272@http://www.kriesi.at/support/ <p>Hey Guys! I am currently in contact with woothemes to get some more knowledge on the issue, and I let you know as soons as I know more. In the meantime If you are afraid of the exploit open your themefolder with an ftp tool and remove the </p> <p>"framework/php/avia_shortcodes/preview-shortcode-external.php" file</p> <p>the file is not necessary for the theme to work, the only functionality lost will be the shortcode previews when you create a new one.</p> <p>I'll keep you posted!<br /> Cheers</p> <p>Kriesi </p> http://www.kriesi.at/support/topic/security-waring#post-54216 Tue, 01 May 2012 20:59:37 +0000 eddygame 54216@http://www.kriesi.at/support/ <p>Must admit, it makes me a little nervous too - from what I can tell of the woothemes issue, it's very easy to add shortcode to a site with the hack. </p> <p>would like to see a 'this is absolutely not an issue for our themes' kinda response. </p> http://www.kriesi.at/support/topic/security-waring#post-54155 Tue, 01 May 2012 15:25:38 +0000 littlepackage 54155@http://www.kriesi.at/support/ <p>I dunno about this - I'm <em>nervous</em> because it has to do with the Shortcode Exploit that was found 4/23. I'd LOVE to see this addressed ASAP, because the patch is a *theme* patch. I know the code is different in these themes, it would still be nice to have eyes on it and some reassurance. <strong>Thank you!!</strong><br /> <hr /><br /> <a href="https://gist.github.com/2523147">https://gist.github.com/2523147</a></p> <p><a href="http://www.woothemes.com/2012/04/framework-shortcode-exploit-has-been-fixed/">http://www.woothemes.com/2012/04/framework-shortcode-exploit-has-been-fixed/</a> </p> http://www.kriesi.at/support/topic/security-waring#post-54033 Mon, 30 Apr 2012 21:13:56 +0000 Devin 54033@http://www.kriesi.at/support/ <p>It doesn't look like it will be a big issue and to be honest I don't *think* it will effect the themes at all. Definitely keep WooCommerce up to date in the coming weeks just in case. </p> http://www.kriesi.at/support/topic/security-waring#post-54025 Mon, 30 Apr 2012 20:59:27 +0000 eddygame 54025@http://www.kriesi.at/support/ <p>Cheers Devin, good advice and probably worth doing as a precaution until the issue is resolved.</p> <p>Hopefully get a full answer from Kriesi pretty soon. </p> http://www.kriesi.at/support/topic/security-waring#post-54021 Mon, 30 Apr 2012 20:53:19 +0000 Devin 54021@http://www.kriesi.at/support/ <p>Hi eddygame,</p> <p>I'm not sure about that. I'll talk to Kriesi as I'm sure hes been busy checking into this since he makes such intimate use of WooCommerce.</p> <p>In the meantime, You can always make a quick backup of the theme then delete the file and test for any functionality concerns. Off hand, you will definitely not be able to use the pop up shortcode generator but you could still use the shortcodes in the actual pages.</p> <p>Regards,</p> <p>Devin </p> http://www.kriesi.at/support/topic/security-waring#post-54015 Mon, 30 Apr 2012 20:08:40 +0000 eddygame 54015@http://www.kriesi.at/support/ <p>I think Vaultpress is flagging this up as the file names of both the woothemes 'preview-shortcode-external.php' and ShoutBox 'preview-shortcode-external.php' files are the same? the code looks very different. </p> http://www.kriesi.at/support/topic/security-waring#post-54006 Mon, 30 Apr 2012 18:55:51 +0000 eddygame 54006@http://www.kriesi.at/support/ <p>Hi Guys,</p> <p>I have Vaultpress on one of my sites and today it's started giving a warning about the file:<br /> 'preview-shortcode-external.php' in themes: /shoutbox/framework/php/avia_shortcodes/</p> <p>I think this is related to the recent woothemes exploit - any idea if this affects 'ShoutBox' or other Kriesi themes? Vaultpress is recommending I delete - preview-shortcode-external.php is it safe to do that? will it cause any problems with short codes?</p> <p>Here is some more about the exploit <a href="http://blog.sucuri.net/2012/04/new-woothemes-vulnerability-patched-update-framework-now.html" rel="nofollow">http://blog.sucuri.net/2012/04/new-woothemes-vulnerability-patched-update-framework-now.html</a> </p>