One of my sites using the Choices theme was recently hacked – I believe using a UTF-7 exploit with XSS (though I could be wrong about that). The hackers basically defaced all the pages by editing the head section on each of the pages. This resulted in a load of errors like this being displayed on each of the pages:-
Warning: html_entity_decode() [function.html-entity-decode]: charset `UTF-7′ not supported, assuming iso-8859-1 in <URL>/choices/framework/php/function-set-avia-backend.php on line XXX
From my little understanding of this, I thought this sort of hack was only possible when you don’t explicitly declare which charset you are using. In the theme I see the charset is defined as:-
<meta charset=”<?php bloginfo( ‘charset’ ); ?>” />
…which seems pretty standard.
Any idea how they managed to do this and/or what I can do to prevent it from happening again? Incidentally, if you do a google search for the error message, you’ll see a lot of sites using your themes that have been hacked in the same way (with file function-set-avia-backend.php).
Thanks in advance
The topic ‘Choices site was hacked – known vulnerability?’ is closed to new replies.