My site was exploited by [EDIT: a CB 1.0.1 only (> 1 year old) vulnerability from 24.04.08}
a quick fix is :
[code:1]
if( isset($_REQUEST) && !ctype_digit($_REQUEST) )
{
die( 'Your IP is logged!' );
}
[/code:1]
just after first line in comprofiler.php file
EDIT: removed link to exploit. Do not make publicity to exploits, and keep your installations up to date. Joomla 1.0.12+ would have avoided that exploit too...
Post edited by: beat, at: 2008/05/05 07:54