I had alphacontent extension 2.5.8.

Vulnerability is described here:
www.securityfocus.com/bid/28443/exploit

When they type in the line of code, they get admin, password hash, and database details pop up in the browser.
Removing alphacontent and changing passwords etc. until a fix is found.

I have the sane problem in more site with alphacontent.

I upgrade alphacontent to latest release 3.0.3 but i'm not sure to fix problem...

Suggestions???

This exploit available just with 2.5.8 and older. If you install the last version, no problem.

admin wrote:
This exploit available just with 2.5.8 and older. If you install the last version, no problem.

If i can advice, think it's more safe if is possible to remove the version of the component from the footer on the next release.
For ex. let only "Powered by AlphaContent © 2005-2008 - All rights reserved". The life of those "children" hackers will be a bit more complicated

Keep up the great work!!
Cheers<br /><br />Post edited by: xplay, at: 2008/04/07 11:41

What is about that: milw0rm.com/exploits/5512

Source: www.joomla-downloads.de/unsichere-kompon...content-version.html

On this popular site alphacontent is marked as &quot;unsecure&quot;! The version which ist vulnerable for the exploit above is not known.

Hello,
I have alphacontent 3.0.4

I have a problem:
Trojan-downloader.JS.Psyme.me
c:/www:sauv_administrator:components:com_alphacontents/

All photographys disappear. How to prevent the hacker from starting again?

Thank you for answer.

Jean-Claude Charles