MapleBit Re Secured
Hey guys, this is the original MapleBit from greenelfx's GitHub repository,
just modified by me & friends against SQL injections & cross-site scripting.
Have Fun!
Mega Download Link
Original MapleBit Repository
Credits
MapleBit - greenelfx
Security - Gerry
How can anybody trust that you didn't add exploits yourself when nobody even likes you? This doesn't even block sharpacex.
What's mine is yours,
for a price.
I did a quick look and it seems like all that was changed are POST/GET inputs being escaped. I mean I guess it's a start to fixing MapleBit.
If you really want to help out the development of the website, you should be making pull requests to the GitHub repository. It doesn't really make sense to be releasing the code like this when you know the repository exists and can clearly see it has been updated recently.
yeah, I'm a bit confused as to why a re-released branch is necessary. seems to make more sense to release a pull request on GitHub and merge it into master. I don't actively work on MapleBit at all (just for nostalgia whenever it strikes every few years :D), but I'm active on GitHub and am always happy to accept security and bug fixes.
agreed - definitely PR anything like that. thanks for your availability!
i recall running a pentest tool over MapleBit a while ago (OWASP ZAP), and it didn't find anything major at all, particularly nothing related to XSS or SQL injection vulnerabilities as described by OP. although to be fair i'm not an expert at using it.
do you have any general thoughts on how secure MapleBit is at the moment?
are there any areas you're aware of that particularly need some work?
Probably unifying how GET/POST params are processed. Would be nice to integrate some library that handles sanitization/escaping of user input rather than having 20 different implementations in the codebase. Secondly, the SQL layer is pretty bad, with raw queries and directly accessing mysqli. Would be nice to have an ORM layer instead, but that'd be a huge rewrite for not much actual gain other than code cleanliness.
The problem with improving MapleBit is that you quickly realize how outdated the website is. There's no concept of routing, controllers, views, etc. Everything is intermingled (as rudimentary PHP sites were back in the day when MapleBit was written). The more you dig into it, the more improving it seems like a waste of time since only a complete rewrite would be "worth it"
So if you're looking for things to work on, I'd just hack on the bits and pieces that are "auxiliary" to MapleBit like improving input handling, cleaning up old scripts, etc.
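An added example, not part of the thread and not MapleBit code: one way to give request parameters a single validation path, bind them as query parameters, and encode only at output. The helper names, the `accounts` table and the sample values are hypothetical, and it uses PDO with in-memory SQLite so it runs without a server; mysqli's `prepare()`/`bind_param()` follow the same placeholder pattern.

```php
<?php
declare(strict_types=1);

// One place to read request parameters: validate by expected type, never escape here.
function input(array $source, string $key, string $type = 'string', int $maxLen = 64)
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;                       // missing, or an array like ?name[]=x
    }
    $value = trim($source[$key]);
    if ($type === 'int') {
        $int = filter_var($value, FILTER_VALIDATE_INT);
        return $int === false ? null : $int;
    }
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Data access: the value travels as a bound parameter, not as SQL text.
function findAccount(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM accounts WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output: encode for HTML at the point of rendering, not when reading input.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data (hypothetical table and rows).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO accounts (name) VALUES ('admin'), ('<b>guest</b>')");

// Constructed request values standing in for $_GET.
$requests = [
    ['name' => 'admin'],
    ['name' => "x' OR '1'='1"],   // treated as a literal name, matches nothing
    ['name' => '<b>guest</b>'],   // stored as-is, encoded on output
    ['name' => ['array']],        // rejected by input()
];
foreach ($requests as $get) {
    $name = input($get, 'name');
    $row  = $name === null ? null : findAccount($db, $name);
    echo $row ? 'Found: ' . e($row['name']) : 'No such account', PHP_EOL;
}
```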
It's pretty public that MapleBit has several major SQL injections, none of which this release addressed whatsoever (but we all knew that anyways). As Green said, MapleBit was written a long time ago, so for its time it did what it needed to do, but in 2019, the entire architecture violates several best practices. You could spend the time trying to patch holes but the entire code base is an unmaintainable mess thanks to its monolithic nature. That's not an attack on anybody, that's just how things were done back then. I wouldn't even suggest bothering trying to "re-write" it. It would be more like just a brand new project completely unrelated to the current MapleBit in any way, shape or form.
I've considered on several occasions to just release some of the exploits I have (or simply make the PR myself to the repo) but then I remember that this community doesn't even bother to keep credits on things other people create, so I decide against it. To my knowledge, the major exploits are only known by very few people so MapleBit is still generally safe to use (as evident by the many servers that use it in production right now with no issues), so I wouldn't worry about its security all that much.
https://mapleme.me/
The memes of the Maple community all in one place.
after installing site, i setup everything i can see online info and all that, but when i click on register all i see is blank page with login panel on left side. rest is blank.
using heavenms source. does java 7 or 8 matter with this cms?
In addition to having a join date of October 2005 and not even knowing that the source's Java version has nothing to do with the CMS, @resinate is looking for web dev help but he's trying really hard to scam/lowball people. He doesn't even know how much work the job he's hiring for entails but he wanted me to throw a number first, and when I refused, he just got upset and gave up all negotiation entirely lmao. What a swell guy he is:
https://mapleme.me/resinate SoonTM
Yeet.
kek.