These are only my guests, because I have not tried any, but the ideas may help you:
The "admin" user for the web seems to be in the file:
There is one line with format:
admin:nas admin:<encrypted password>
I would try to remove the third part (so the line ends with ":") and see if you can get in with empty password. I recommend that you backup the file before modifying it. Be careful if you have the ramdisk hack in your system, because this file may get overwritten by the backup scripts (if you did not configure ramdisk, do not care about this comment).
Another possibility is to reset the MyBook as explained in the user manual. They say that the admin password and the network configuration is reset. However, I do not know what happens if you reset a hacked MyBook… Maybe someone has tried already. You can also try to find which script is run when MyBook is reset, and then do the password reset manually.
Finally, someone could post the /var/private/lighthttpd.htdigest.user from a fresh MyBook (password not changed) and try to put that line in your system.
I hope it helps, and you get the admin back… Post the solution if you find it, so we know what to do if it happens to us.