Ziad
06-01-2006, 08:03 PM
We recently found a security hole in Subdreamer CMS, everyone needs to perform the steps in this thread to make sure their website is secure.
The security hole is located within the Subdreamer CMS skin files. It will take us a while to update and fix every skin, so for now please update your skin files manually.
Download and update the design files for your skin.
Your design files are located in your skins folder, you can find out the exact names of your design files by opening up install.php which is also located in your skin folder.
For example, the skin Advanced 2; is located here:
./skins/advanced_2/
The install file is here:
./skins/advanced_2/install.php
Open up install.php and you will find the paths to four design files:
$designpath[] = 'advanced_2/advanced_1.php';
$maxplugins[] = 30;
$imagepath[] = 'advanced_2/images/adv_design_1.jpg';
$designpath[] = 'advanced_2/advanced_2.php';
$maxplugins[] = 20;
$imagepath[] = 'advanced_2/images/adv_design_2.jpg';
$designpath[] = 'advanced_2/advanced_3.php';
$maxplugins[] = 20;
$imagepath[] = 'advanced_2/images/adv_design_3.jpg';
$designpath[] = 'advanced_2/advanced_4.php';
$maxplugins[] = 10;
$imagepath[] = 'advanced_2/images/adv_design_4.jpg';
Take a look at the $designpath[] = code and you will see the paths to the four files:
1) advanced_2/advanced_1.php
2) advanced_2/advanced_2.php
3) advanced_2/advanced_3.php
4) advanced_2/advanced_4.php
Those files will be located under the skins folder (ex: skins/advanced_2/advanced_1.php). Now, open each one of those files and insert the following code on the very first line:
<?php
// +---------------------------------------------+
// | Copyright © 2003 – 2006 Subdreamer, LLC |
// | http://www.subdreamer.com |
// | This file may not be redistributed. |
// +---------------------------------------------+
if(!defined('IN_SUBDREAMER'))
{
die('Hacking attempt!');
}
?>
Upload those files back to your skin folder and you are secured.
Please update your skin files as soon as possible, we are very sorry for this inconvenience.
Sincerely,
The Subdreamer Team
The security hole is located within the Subdreamer CMS skin files. It will take us a while to update and fix every skin, so for now please update your skin files manually.
Download and update the design files for your skin.
Your design files are located in your skins folder, you can find out the exact names of your design files by opening up install.php which is also located in your skin folder.
For example, the skin Advanced 2; is located here:
./skins/advanced_2/
The install file is here:
./skins/advanced_2/install.php
Open up install.php and you will find the paths to four design files:
$designpath[] = 'advanced_2/advanced_1.php';
$maxplugins[] = 30;
$imagepath[] = 'advanced_2/images/adv_design_1.jpg';
$designpath[] = 'advanced_2/advanced_2.php';
$maxplugins[] = 20;
$imagepath[] = 'advanced_2/images/adv_design_2.jpg';
$designpath[] = 'advanced_2/advanced_3.php';
$maxplugins[] = 20;
$imagepath[] = 'advanced_2/images/adv_design_3.jpg';
$designpath[] = 'advanced_2/advanced_4.php';
$maxplugins[] = 10;
$imagepath[] = 'advanced_2/images/adv_design_4.jpg';
Take a look at the $designpath[] = code and you will see the paths to the four files:
1) advanced_2/advanced_1.php
2) advanced_2/advanced_2.php
3) advanced_2/advanced_3.php
4) advanced_2/advanced_4.php
Those files will be located under the skins folder (ex: skins/advanced_2/advanced_1.php). Now, open each one of those files and insert the following code on the very first line:
<?php
// +---------------------------------------------+
// | Copyright © 2003 – 2006 Subdreamer, LLC |
// | http://www.subdreamer.com |
// | This file may not be redistributed. |
// +---------------------------------------------+
if(!defined('IN_SUBDREAMER'))
{
die('Hacking attempt!');
}
?>
Upload those files back to your skin folder and you are secured.
Please update your skin files as soon as possible, we are very sorry for this inconvenience.
Sincerely,
The Subdreamer Team