I Just recive the following information From Larok (Webmaster at the RUSSISAN SUPPORT SITE) regarding the INCONTENT MODULE
If you are using INCONTENT YOU FIND A SECURITY FIX IN THIS INFORMATION TO:
info from Larok is here :
Incontent module have big security bug.
With this bug hacker can see all data in mainfile.php & other *.php portal files.
All data base data can be stolen.
How it works:
Just simpe search in google for sites that use incontent module i find one of them:
To view incontent files we use link like:
We can easy look all data base data, pass, username and other by this link in html:
And different *.php files by this link like:
Path for this error here:
(Colosed for non registered)
Also must work on xoops portals were webmaster install this module. Like this one:
Have a nice day.