There cutenews is hacked.
Printable View
There cutenews is hacked.
Happned the other day rly.
gd newz
Lmao. Stupidly simple to do.
nice find :)
Well seeing as there's several threads in the Website section telling sites not to use cutenews due to security risks they shouldn't be using cutenews :eusa_whis.
But unlucky to them.
Good find.
Lol @ Tweety owning Favourtism
I never used ClubHabbo so this doesn't really bother me.
lol@tweety
good one tbh, since it popular ;).
Ye, they shoulkd be more careful.
Noob Favourtism
and haha @clubcraphabbo
ClubHabbo uses Cutenews!? Oh dear.
I noticed that their news section was down at a random visit yesterday lol. I do find all this "hacking" seriously pathetic.
Someone did post an article about cutenews being easy to hack if peple use dictionary words as their password. :8
It doesn't matter how secure their passwords were.
*Text Removed*
Edited by Agesilaus (Forum Super Moderator): Please do not discuss techniques that can possibly hack another webiste.
Wasnt that what i had done in that pm and u said it was wrong?Quote:
Originally Posted by Invent
ClubHabbo wasn't the only fansite to be 'hacked' via this exploit, HabboHarmony and HFFM are just two others who were effected, sorted now ;)
Are you going to continue using cutenews?Quote:
Originally Posted by SkaterChu
Unless we get a new news system, once weve sorted the exploit then i guess so.Quote:
Originally Posted by Tweety
I don't see them coding their own News System even though it is very much possible and much safer. It costs money however to employ/pay a coder for the News System to be built to a more secure meaning. News systems on Habbo are traditionally cutenews however if you searched long and hard on Google, I think there are safer alternatives.Quote:
Originally Posted by Tweety
If you're listening Simon, do it. =P
You might aswell use one of the free ones available here as they all use sessions which are much more safer than cookies that cutenews uses.Quote:
Originally Posted by SkaterChu
I've seen about 10 sites with the same issued today, including HabboHarmony which is official.
To be honest, it's good that things get hacked. Therefore making the website realise where they're vunerable and knowing they can patch it up.
Loads of sites have got it, duckylove, habbosmart, haboz, habble-aus, habbozone, hobtech, habfever loads more
its a bit sad really that people spend time doing it when it gets removed within minutes lol
Anyway apart from the news, did any other part of the site get affected?
Btw, slightly off topic, but when Ryan mentioned HFFM it reminded me. Do HFFM an ClubHabbo have the same owners/management? I know Ryan is CH owner but is there anyone else who runs both? I'm only asking because they both seem really similar.
an australian based site called wearelegion is hacking all of the official fansites cutenews.
every official australian fansite has been hacked and they're starting to hack international sites.
just a piece of advice if you'd like the news that they delete. do a backup.
there's that cutenews exploit that lets them in. they don't need a password or anything, just one of the users account names.
I noticed too but I don't think Ryan and Carnio get along to well! :PQuote:
Originally Posted by Robald
Im in a krew that haxxed habbox and runescape...
Its no big..
Quote:
Originally Posted by siz
OMG SIZROCKS GANG GONNA PWN YOU!
LOLIRL! Well that's interesting! Why not just put the cutenews on a seperate DNS to the website, and iFrame it? I guess the impact shouldn't be as bad then if they were to hack it unlike how it is most of the time. I guess that's a makeshift way of fixing it.Quote:
Originally Posted by Sabbath
Good idea but people would still be able to find where it's hosted. :PQuote:
Originally Posted by Pyroka
I'd suggest another news script.
Obviously they would? All they'd have to do is look into the source code, however the consequences wouldn't be so severe.Quote:
Originally Posted by Hitman
Well, from what I know (not much haha) they could get into cutenews and delete, add, edit news etc... redirect the page and all that. So if it's still being shown on the page from the other server and it got 'hacked' then it could be redirected, deleted etc... on the main site.Quote:
Originally Posted by Pyroka
Regular backups combat the deletion & edition. As for addition, just a recovery account would be ok, somewhere placed on the cutenews as an invisible user, even to administrators (I'm sure it could be done). Redirecting the page which is in an iFrame? Oh the pain of it all. iFrames can be easily closed too, so if there was a problem all they need to do is redirect it to a maintenance page. It's not as hard as it sounds, it's just a little bit of precaution.Quote:
Originally Posted by Hitman
That is true, good point. Redirecting the iframe is still bad, if it was to a porn site or something... unless the users were feeling horny haha. But really, I'm sure there's a code for redirecting out of iframes (so the site opens in a new window/tab) - I'm not the best when it comes to iframes. :PQuote:
Originally Posted by Pyroka
Redirecting out of iFrames? That'd most probably be Javascript in the form of:Quote:
Originally Posted by Hitman
"IF URL = 'www.clubhabbo.net/news_display'
THEN Keep iFrame display true
ELSE iFrame display = False or Redirect to = 'www.clubhabbo.net/maintenance' "
As an example... I'm not sure if that can be done to what I've said but it's something which could be used. Best to ask the resident JavaScript man, Invent. :P Otherwise, then it'd just be a mere little edit they've done in the website. It wouldn't inflict its credibility too much.
I can do PHP (not loads but I can) however I can not do Javascript. :P There's usually a way to do most things though. But I get where you're coming from, 'tis a good idea. But if your cutenews is hacked and it's on your main server it can't do any other destruction anyway (apart from what cutenews can do, edit news, delete etc...)Quote:
Originally Posted by Pyroka
I read somewhere Cutenews have decided to leave the development of it... so people will have to patch it themselves, which I think some have already (on the CN forums)
Mmm... Incorporation of technologies like AJAX using Cutenews would be great, and since they've halted development I guess you could take it for your own, edit it and well... Rebuild it into something intense. But that's my 2 cents, I'm being very pursuing. =PQuote:
Originally Posted by Hitman
To edit cookies you do not need any javascript knowledge at all as there is an add-on the can do it for you ;).
Looks like its happened again...?
rofl it redirects to
http://www.google.co.uk/search?hl=en...G=Search&meta=
Yup redirects you to a google search when u search "ClubHabbo just got owned"
odear, looks theyre having more problems :l
I remember they went thru lots of hackings a few months ago..
Just not their day ..
I think the problem needs to be addressed and solved sooner rather than later...
http://www.jpowered.com/php-scripts/...nt-management/
http://www.xigla.com/absolutenm/
http://www.codefixer.com/tutorials/n...stem_part1.asp
Well, that was hard.
Yeah there's a free addon for Firefox. :DQuote:
Originally Posted by --ss--
Oh dear again!? Their best bet would be to take down search.php...