Why does the dolphin demo redirect me to LinkBucks

And then an automatic download?

??

Does not redirect me.

Thought I'd try Safari as well (as chrome) and - same.

And now a different computer - same.

After about 5 seconds I'm redirected to this url:

http://www.linkbucks.com/c65157b6/url/http://demo.boonex.com/?_lbGate=708951

yep.

Yes, tested and the same result.  Perhaps someone loaded something to the site that is causing it.  Should reset and be gone if that is the case.  Reset on demo is 30 minutes I believe.

Yea, it does for me now as well. Maybe some idiot put some malware on it.

The site resets in a few minutes, so check again later.

OK good, thought it was just me.

Yes, after the demo resets the redirection no longer occurs.

Well it's redirecting me again.  The vulnerability scares me :(

So what's happening is someone is manually logging in (the salt is now reset) and editing the promo block to add a JavaScript redirect. This has been happening for a few months now. Your site's fine, it's not a vulnerability. Just a very determined individual.

What do you mean... I've never seen this on the dolphin demo before.

If it's been happening for a few months why has it not been addressed in some way?

It was - the salt is now reset, so automatic re-logins are no longer possible. However, BoonEx does need to ban the IP address (assuming there's only one). The demo is also reset every 30 minutes, so it's easy to miss. I assume this isn't an automated script, because it's sporadic and doesn't happen for some days or weeks.