The Quick & Dirty:

  • 9+ years in the biz, 10 messing around
  • All the latest in HTML, CSS, JS & PHP (Sorry, no .NET or Ruby skills yet)
  • Cross-browser compatible code from Photoshop or Illustrator files... or napkins!
  • Custom specialties in WordPress theming & plugins, Twitter & jQuery
  • Subversion, server-log analysis, and blocking hack-attempts (of late).
  • Data/Project Geek. I ♥ timelines.

I’ve compiled some handy PHP functions I’ve had to whip up. More extensive code-samples are also available.

Vulnerable WordPress Themes and Plugins

A host in Belarus (86.57.184.153) has tried to get at one of my clients. Looks like these are some themes & plugins you DON'T want to use:

THEMES:
clockstone
deep-blue

PLUGINS:
advanced-custom-fields
wp-property
zingiri-web-shop
wpstorecart
mm-forms-community
thecartpress
mini-mail-dashboard-widget
1-flash-gallery
wp-mailinglist

Here's specifically what I found in my logs:

 POST /wp-content/plugins/advanced-custom-fields/core/actions/export.php
 POST /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php
 POST /wp-content/themes/clockstone/theme/functions/upload.php
 POST /wp-content/themes/deep-blue/megaframe/megapanel/inc/upload.php
 POST /wp-content/plugins/zingiri-web-shop/fwkfor/ajax/uploadfilexd.php?fh=/../../../../../../wp-includes
 POST /wp-content/plugins/wpstorecart/php/upload.php
 POST /wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php
 POST /wp-content/plugins/thecartpress/checkout/CheckoutEditor.php
 POST /wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php
 POST /wp-content/plugins/mini-mail-dashboard-widget/wp-mini-mail.php
 POST /wp-content/plugins/1-flash-gallery/upload.php?action=uploadify
 POST /wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php

Posted in Day Job, hacked, wordpress