Since the beginning of our small hacking competition, the http://hackme.compojoom.com page has received around 200 comments, all trying to inject malicious code and eventually win some cash and one of the 5 salvusalerting subscriptions that we are offering. Unfortunately, 6 of the comments did what they intended - they managed to exploit several XSS holes and found an LFI vulnerability. Those problems were all found by Jeff Channell, and right now he is going to get 200€ and 1 salvus subscription :).
As you know, the competition will run till the end of August, so if you wish to steal a little bit of cash from Jeff, then dive in :)
This competition gave birth to CompojoomComment 4.1.5 (released last week) and 4.1.7 (released today). In 4.1.7 all reported vulnerabilities were fixed, and I warmly advise everyone to upgrade!
I want to thank everyone for participating so far and for making CompojoomComment and the Joomla world a little bit more secure! Thank you all!
P.S. What do you think - are we 3rd-party developers mature enough to organize a global Joomla hacking competition???