wow, so it is true.. i dont see how hackers choose what sites to completely destroy.. pathetic i think.. i mean your a trap17 administrator right???! ah.. please anyone whos reading tell me its not true, that the guy who started the Cutenews Project, completely abandoned it?!

also i tried my lilcomments or whatever, and the demo was down, unfortunately

if cutenews was abandoned by the owner, i hope someone takes over

CuteNews, like any other scripts, are vulnerable when people are developing it from the ground up. That's why people pay to have scripts that are thoroughly tested. But even with paid scripts there's a constant updates and patches to be on the look out.

CuteNews have released the security measurement but I failed to check it on time. This forum, IP.Board, has alert notice section when a new or patch is available. Perhaps it's time for CuteNews to implement something similar.

The fault might have been on CuteNews for leaving such hacking potential but that fault is also shared by me not checking CuteNews' support forum on a regular basis.

And some clever guy just knowing how to manipulate this vulnerability has nothing to do with my position here at Trap17 If I were to place a blame, it's Google or other search engines making it easy to search all sites with CuteNews interface without much effort.

I will still be using cutenews. I will make sure to make login details for cutenews different than cpanel though, don't want them accessing the whole site now, do we? I don't really mind if they wipe the news, I can always just backup, and it is not 100% chance that it'l happen to me.

lemonwonder,

If you're not using SEARCH within your CuteNews, just delete the file. Otherwise go to CuteNew's support forum and edit the search.php file to countermeasure the security hole.

Okay. I do not know whether cutenews search will be / is used so ill fix it. Thanks BuffaloHELP