My friends owns a site.

(rockhabbo.com)

and last night someone hacked out cutenews and habbo cpg.

cutenews via search.php and habbocpg via mysql injection

he left this message:

dunno if you got my msn messages matt but the news and events pages have I ****** this ***** *** system.. Big up to TheGrimz.NET ;] Wafers from Habbo UK ;) E-mail: ** REMOVED **
0 CommentsPosted on 31 Jan 2008 by Squally posted on them!!!!

only us will know the email but if it happens to you.. Well theres your contact

Uhhm whats Habbo CPG

This exploit has been known for some time now.

Should have payed attention to cutephp forums...

Quite easy?



dosearch=yes;files_arch[]=./data/users.db.php;title=$username


Just remove search.php or get the latest patch.

Hello,
The site was "hacked" through Cutenews (as earlier posts suggest, search.php).

If HabboCPG was compromised, it is likely due to harvested login information being the same as on HabboCPG.

We are constantly working to make HabboCPG a more secure, easier to use radio control panel, and would appreciate it if you could send us any server logs showing how you think HabboCPG was hacked; we will then check for security holes, and patch them up.

-Alex
Lineapp.net

Edited by H0BJ0B (Forum Moderator): Please do not bump threads.