On Tue, Jun 07, 2011 at 06:57:44PM +0300, MustLive wrote:
> Hi David!
>
> You need to look harder ;-). Looks like you checked these two themes on those
> sites, admins of which deleted this file. There are admins who can understand
> that scripts with phpinfo must not be at working sites (but it's rare cases,
> and larger part of the sites with affected themes for WP contain test.php).
>
> Yes, I've checked all these 15 themes (I've tested even more and wasted a lot
> of time on it, but found exactly at these 15 themes). I've found them at live
> web sites in Internet, as I mentioned earlier.
>
> Here are examples of the sites with test.php in Typebased and NewsPress
> themes:
>
> http://thenetexperiment.com/wp-content/themes/typebased/includes/test.php
>
> http://coporan.3x.ro/wp-content/themes/newspress/includes/test.php
>
> For example, in April I was trying to find test.php in these 15 and other
> themes at WooThemes' demo site, but they haven't this file in any of their
> themes (among those tested by me). So as for their own sites, then they
> understand the risk, and when to sell holes for large price for their
> clients, then they already don't understand the risk and position it as a
> feature :-).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site

Please don't waste your time anymore :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
