Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #17975

    Hello,

    One of my sites using the Choices theme was recently hacked – I believe using a UTF-7 exploit with XSS (though I could be wrong about that). The hackers basically defaced all the pages by editing the head section on each of the pages. This resulted in a load of errors like this being displayed on each of the pages:-

    Warning: html_entity_decode() [function.html-entity-decode]: charset `UTF-7′ not supported, assuming iso-8859-1 in <URL>/choices/framework/php/function-set-avia-backend.php on line XXX

    From my little understanding of this, I thought this sort of hack was only possible when you don’t explicitly declare which charset you are using. In the theme I see the charset is defined as:-

    <meta charset=”<?php bloginfo( ‘charset’ ); ?>” />

    …which seems pretty standard.

    Any idea how they managed to do this and/or what I can do to prevent it from happening again? Incidentally, if you do a google search for the error message, you’ll see a lot of sites using your themes that have been hacked in the same way (with file function-set-avia-backend.php).

    Thanks in advance

    #97727

    Hi!

    Yes, Choices version 1.6 fixes the security issue: http://themeforest.net/item/choices-responsive-business-and-portfolio/2536338

    Please download the latest version from themeforest.net.

    Best regards,

    Peter

    #97728

    Great, thanks for the quick reply.

Viewing 3 posts - 1 through 3 (of 3 total)

The topic ‘Choices site was hacked – known vulnerability?’ is closed to new replies.