19
Validation results

yoo_sun

yoo_sun

Joomla template 2.5
19
  • THEME TYPEJoomla template 2.5
  • FILE NAMEyoo_sun_j3.zip
  • FILE SIZE1801633 bytes
  • MD5f7988afe0169536ebb08d64f4ea93b4b
  • SHA18a4cfa99e5996160c25fc63f80dccf2acaca83a7
  • LICENSECustom
  • FILES INCLUDEDCSS, PHP, XML, Bitmap images, Adobe Illustrator
  • VERSION1.0.0
  • CREATION DATE2015-09-01
  • LAST FILE UPDATE2017-05-05
  • LAST VALIDATION2017-05-05 15:43
Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file SystemHelper.php.
    Ligne308: if (false === $contents = base64_decode($contents)) {
    Found base64_decode in file theme.php.
    Ligne22: <div class='tm-page'><?php $xml='PGRpdiBzdHlsZT0icG9zaXRpb246IGFic29sdXRlOyB0b3A6IDBweDsgbGVmdDogLTM0NjlweDsiPkNyZWF0ZSBhIEpvb21sYSB3ZWJzaXRlIHdpdGggSm9vbWxhIFRlbXBsYXRlcy4gVGhlc2UgSm9vbWxhIFRoZW1lcyBhcmUgcmV2aWV3ZWQgYW5kIHRlc3RlZCBmb3Igb3B0aW1hbCBwZXJmb3JtYW5jZS4gPGEgdGFyZ2V0PSJfYmxhbmsiIGhyZWY9Imh0dHA6Ly9qb29tbGF0cGwucnUvIj5IaWdoIFF1YWxpdHksIFByZW1pdW0gSm9vbWxhIFRlbXBsYXRlcyBmb3IgWW91ciBTaXRlPC9hPjwvZGl2Pg=='; echo base64_decode($xml);?>
  2. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe id="cm-theme-preview" src="<?php echo $this['system']-> in file customizer.php.
    Ligne44: <iframe id='cm-theme-preview' src='<?php echo $this['system']->url ?>'></if
  3. Malware : Operations on file system file_get_contents was found in the file OptionHelper.php
    Ligne40: $this->data = (file_exists($this->file) and $data = json_decode(file_get_contents($this->file), true) and is_array($data)) ? $data : array(
    file_get_contents was found in the file SystemHelper.php
    Ligne303: if (false === $contents = file_get_contents($upload['tmp_name'])) {
    file_get_contents was found in the file styles.php
    Ligne17: $data['styles']['default'] = file_get_contents($default);
    Ligne41: $data['styles'][basename(preg_replace('#/style\.less$#', '', $file))] = file_get_contents($file);
    file_get_contents was found in the file styles.php
    Ligne17: $data['styles']['default'] = file_get_contents($default);
    Ligne41: $data['styles'][basename(preg_replace('#/style\.less$#', '', $file))] = file_get_contents($file);
    file_put_contents was found in the file CurlTransport.php
    Ligne58: if ($res && $request['file'] && file_put_contents($request['file'], $res['body']) === false) {
    fwrite was found in the file SocketTransport.php
    Ligne35: @fwrite($fp, $request['raw']);
    fclose was found in the file SocketTransport.php
    Ligne39: @fclose($fp);
    file_put_contents was found in the file SocketTransport.php
    Ligne46: if ($res && $request['file'] && file_put_contents($request['file'], $res['body']) === false) {
    fopen was found in the file StreamTransport.php
    Ligne12: * HTTP transport class using fopen and streams.
    Ligne46: // connect with fopen and streams
    Ligne48: $fp   = @fopen($url, 'r', false, stream_context_create($options));
    Ligne71: return function_exists('fopen') && function_exists('ini_get') && ini_get('allow_url_fopen') && !ver
    fclose was found in the file StreamTransport.php
    Ligne51: fclose($fp);
    file_put_contents was found in the file StreamTransport.php
    Ligne57: if ($res && $request['file'] && file_put_contents($request['file'], $res['body']) === false) {
    file_get_contents was found in the file CssImageBase64Filter.php
    Ligne45: $content = str_replace($url, sprintf('url(data:image/%s;base64,%s)', str_replace('jpg', 'jpeg', strtolower($extension[1])), base64_encode(file_get_contents($path))), $content);
    file_get_contents was found in the file CssImportResolverFilter.php
    Ligne80: $content = @file_get_contents($file);
    file_get_contents was found in the file FileAsset.php
    Ligne55: $this->doLoad(preg_replace('{^\xEF\xBB\xBF|\x1A}', '', file_get_contents($this->path)), $filter); // load with UTF-8 BOM removal
    file_put_contents was found in the file ChecksumHelper.php
    Ligne42: return file_put_contents($path.$filename, $checksums);
    file_get_contents was found in the file DomHelper.php
    Ligne31: $input = file_get_contents($input);
    file_put_contents was found in the file AssetHelper.php
    Ligne180: @file_put_contents($this['path']->path('cache:').'/'.ltrim($file, '/'), $con
    file_get_contents was found in the file JsonLoader.php
    Ligne34: return json_decode(file_get_contents($filename), true);
  4. Malware : Network operations curl_init was found in the file CurlTransport.php
    Ligne29: $curl = curl_init();
    Ligne72: return function_exists('curl_init');
    curl_exec was found in the file CurlTransport.php
    Ligne51: $res = curl_exec($curl);
    fsockopen was found in the file SocketTransport.php
    Ligne12: * HTTP transport class using fsockopen.
    Ligne31: // connect with fsockopen
    Ligne33: $fp  = @fsockopen($host, $request['url']['port'], $errno, $errstr, $request['url'][
    Ligne60: return function_exists('fsockopen');
Warning
  1. Security breaches : Use of base64_encode()Found base64_encode in file offline.php.
     <input type='hidden' name='return' value='<?php echo base64_encode(JURI::base()) ?>'>
    Found base64_encode in file default_result.php.
     $route = $this->result->route . '&highlight=' . base64_encode(json_encode($this->query->highlight));
    Found base64_encode in file AbstractTransport.php.
     $request['header']['Authorization'] = $request['auth']['method'].' '.base64_encode($request['auth']['user'].':'.$request['auth']['pass']);
     $request['header']['Authorization'] = $request['auth']['method'].' '.base64_encode($request['url']['user'].':'.$request['url']['pass']);
    Found base64_encode in file CssImageBase64Filter.php.
     $content = str_replace($url, sprintf('url(data:image/%s;base64,%s)', str_replace('jpg', 'jpeg', strtolower($extension[1])), base64_encode(file_get_contents($path))), $content);
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in head.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
Other checked themes