[Secured]MapleBit CMS Security Enhancement

Initiate Mage
Joined
Apr 1, 2014
Messages
17
Reaction score
5
MapleBit Re Secured
Hey guys, this is the original MapleBit from greenelfx's GitHub repository,
just modified by me & friends against SQL injections & cross-site scripting.
Have fun!




Credits
MapleBit - greenelfx

Security - Gerry
 
Experienced Elementalist
Joined
Mar 12, 2015
Messages
238
Reaction score
43
How can anybody trust that you didn't add exploits yourself when nobody even likes you? This doesn't even block sharpacex.
 
Joined
Jul 31, 2013
Messages
30
Reaction score
21
I did a quick look and it seems like all that was changed are POST/GET inputs being escaped. I mean I guess it's a start to fixing MapleBit.
If you really want to help out the development of the website, you should be making pull requests to the GitHub repository. It doesn't really make sense to be releasing the code like this when you know the repository exists and can clearly see it has been updated recently.
 
Initiate Mage
Joined
Jul 11, 2013
Messages
80
Reaction score
14
yeah, I'm a bit confused as to why a re-released branch is necessary. seems to make more sense to release a pull request on GitHub and merge it into master. I don't actively work on MapleBit at all (just for nostalgia whenever it strikes every few years :D), but I'm active on GitHub and am always happy to accept security and bug fixes.

agreed - definitely PR anything like that. thanks for your availability!

i recall running a pentest tool over MapleBit a while ago (OWASP ZAP), and it didn't find anything major at all, particularly nothing related to XSS or SQL injection vulnerabilities as described by OP. although to be fair i'm not an expert at using it.

do you have any general thoughts on how secure MapleBit is at the moment?
are there any areas you're aware of that particularly need some work?
 
Joined
Oct 25, 2008
Messages
1,372
Reaction score
604
It's pretty public that MapleBit has several major SQL injections, none of which this release addressed whatsoever (but we all knew that anyways). As Green said, MapleBit was written a long time ago, so for its time it did what it needed to do, but in 2019, the entire architecture violates several best practices. You could spend the time trying to patch holes but the entire code base is an unmaintainable mess thanks to its monolithic nature. That's not an attack on anybody, that's just how things were done back then. I wouldn't even suggest bothering trying to "re-write" it. It would be more like just a brand new project completely unrelated to the current MapleBit in any way, shape or form.

I've considered on several occasions to just release some of the exploits I have (or simply make the PR myself to the repo) but then I remember that this community doesn't even bother to keep credits on things other people create, so I decide against it. To my knowledge, the major exploits are only known by very few people so MapleBit is still generally safe to use (as evident by the many servers that use it in production right now with no issues), so I wouldn't worry about its security all that much.
 
Joined
Oct 12, 2005
Messages
1,282
Reaction score
70
after installing site, i setup everything i can see online info and all that, but when i click on register all i see is blank page with login panel on left side. rest is blank.
using heavenms source. does java 7 or 8 matter with this cms?
 
Initiate Mage
Joined
Sep 27, 2018
Messages
91
Reaction score
20
using heavenms source. does java 7 or 8 matter with this cms?

 
Joined
Oct 25, 2008
Messages
1,372
Reaction score
604
In addition to having a join date of October 2005 and not even knowing that the source's Java version has nothing to do with the CMS, resinate is looking for web dev help but he's trying really hard to scam/low ball people. He doesn't even know how much work the job he's hiring for entails but he wanted me to throw a number first, and when I refused, he just got upset and gave up all negotiation entirely lmao. What a swell guy he is:

 

Initiate Mage
Joined
Sep 27, 2018
Messages
91
Reaction score
20
SoonTM:junglejane:
 
