Backdoor in ver. 6.0003!!

Did anyone see that post in the blog about the "serious security issue"?? I think most people dismissed it because it was by someone new.. I followed the link to his blog and it shows some code he found in /inc/admin.inc.php that is base64 encoded.. he decoded it and it looks like a back door for boonex to insert a user name and password in the admin table!?!

I still have one site using 6.0003 and I checked and the code IS there!!! Anyone care to explain this?

http://english.youshare.jp/blogs.php?action=show_member_post&ownerID=15&blogID=7&post_id=126

Aww crap say it ain't so Boonex.

Though this could just be an easy way to reset a default admin password for people who forget?

It's probably encoded so hackers won't know because it IS a security issue but it might not be boonex trying to give themselves a backdoor into dolphin sites.

Well someone claiming to be from Boonex responded on the blog that the code was only in Beta versions.. which is NOT true.. I still have all the old zips and it was in the final of 6.0003.

And base64 is the most basic encryption so I doubt it would slow down any hacker.. it was enough to fool all of us though so I guess it worked!

interesting to say the least on that one mscott~~~

they figure microsoft gets away with it, so why cant they?

lol

later,

DosDawg