Backdoor in ver. 6.0003!!

Did anyone see that post in the blog about the "serious security issue"?? I think most people dismissed it because it was by someone new.. I followed the link to his blog and it shows some code he found in /inc/admin.inc.php that is base64 encoded.. He decoded it and it looks like a back door for BoonEx to insert a user name and password in the admin table!?!

I still have one site using 6.0003 and I checked and the code IS there!!! Anyone care to explain this?

http://english.youshare.jp/blogs.php?action=show_member_post&ownerID=15&blogID=7&post_id=126

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 5 Jun 2008
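Added example, not part of any post in this thread and not BoonEx code: a Python sketch for auditing PHP source for string literals passed to `base64_decode()`, decoding them, and listing terms in the decoded text that warrant a manual look. The sample input, the table name `example_admins` and the keyword list are constructed assumptions.

```python
import base64
import binascii
import re

# String literals handed directly to base64_decode() in PHP source.
CALL_RE = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)""")
# Decoded content worth a human look: SQL writes, dynamic execution, credential terms.
SUSPICIOUS = re.compile(
    r"\b(insert\s+into|update\s+\w+\s+set|eval|exec|system|passw(or)?d)\b", re.I)

def find_encoded_blobs(php_source):
    """Return (line_number, decoded_text, suspicious_terms) for each decodable literal."""
    findings = []
    for m in CALL_RE.finditer(php_source):
        raw = re.sub(r"\s+", "", m.group(2))
        try:
            decoded = base64.b64decode(raw, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # not valid base64; leave it to manual review
        line_no = php_source.count("\n", 0, m.start()) + 1
        terms = sorted({t.group(1).lower() for t in SUSPICIOUS.finditer(decoded)})
        findings.append((line_no, decoded, terms))
    return findings

# Constructed sample (not the Dolphin file): a placeholder SQL write hidden in base64.
_PAYLOAD = (b"mysql_query(\"INSERT INTO example_admins (Name, Password) "
            b"VALUES ('placeholder', 'placeholder')\");")
SAMPLE_PHP = (
    "<?php\n"
    "// constructed test input\n"
    "$greeting = base64_decode('aGVsbG8=');\n"
    'eval(base64_decode("' + base64.b64encode(_PAYLOAD).decode() + '"));\n'
)

if __name__ == "__main__":
    for line_no, decoded, terms in find_encoded_blobs(SAMPLE_PHP):
        flag = "REVIEW" if terms else "ok"
        print(f"line {line_no} [{flag}] terms={terms}\n    {decoded}")
```

To audit a real install, read each `.php` file and pass its text to `find_encoded_blobs()`; literals built by concatenation or passed through variables are not caught by this pattern.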

Aww crap say it ain't so Boonex.

Though this could just be an easy way to reset a default admin password for people who forget?

It's probably encoded so hackers won't know, because it IS a security issue, but it might not be BoonEx trying to give themselves a backdoor into Dolphin sites.

Quote · 5 Jun 2008

Well someone claiming to be from BoonEx responded on the blog that the code was only in Beta versions.. which is NOT true.. I still have all the old zips and it was in the final of 6.0003.

And base64 is the most basic encryption so I doubt it would slow down any hacker.. it was enough to fool all of us though so I guess it worked!

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 5 Jun 2008

interesting to say the least on that one mscott~~~

they figure Microsoft gets away with it, so why can't they?

lol

later,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 5 Jun 2008