This CMS is quite exposed to XSS in theory; you should consider using htmlentities()/htmlspecialchars() and strip_tags(), or optionally run it through a regex to strip script tags.
Nevertheless, cute site.
It's quite simple, hacking a database is easier than hacking a host. If you find any vulnerabilities let me know via PM, or submit a PR.
It's quite simple, hacking a database is easier than hacking a host.
Following this principle, every piece of data you output that came from the database needs to be escaped, because if your database is hacked, the attacker could potentially add malicious code (JavaScript) to some of the data. Whenever that data is called, it may look normal, but the malicious script will be injected on the client side. This is a really good way of attacking your victim, because in most cases the victim will not even know they are being attacked: for the most part the visualized output is the same, and the malicious part is a <script> tag that is being presented but cannot be seen without viewing the HTML source code.
It's a very simple way to initiate an attack, often undetectable.
I wasn't referring to SQL injections, I was talking about XSS.
I understand how SQL injection works. MapleBit in my mind is inherently insecure because it is not built on a large open source framework, so we don't get nice things like MVC and access to the diverse package ecosystem PHP has to offer. So, if you find any actual, reproducible security issues please let me know.
I wasn't referring to SQL injections, I was talking about XSS.
Simply put, hacking a database server is fairly easy. Basically, if your database server is hacked, the attacker can use your website to spread a malicious virus or inject his own JavaScript code without you, the administrator, or your users knowing about it.
It seems like you heavily underestimate this security issue. This issue is extremely serious because, for the most part, an attacker could easily inject VB code and make you, the user, download a virus file that attaches itself to, say, your svchost.exe or explorer.exe services, and you still won't know about it.
It's enough that your database, or a related service, has a zero-day vulnerability or is outdated to become a huge risk, not just to your precious data but to your visitors.
MapleBit Supporting version 62?
Can someone help me please?
I'm trying to register and it says
but nothing actually happened in the database (it didn't insert the data).
How can I fix it please?
$tempban = "1990-01-01 10:02:01";
$insert_user_query = "INSERT INTO accounts (`name`, `password`, `ip`, `email`, `birthday`, `tempban`) VALUES ('".$username."', '".$password."', '".$ip."', '".$email."', '".$birth."', '".$tempban."')";
`tempban` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00'
Fixed a really weird bug that dorkie4ever found! Basically, if Chrome finds malformed CSS, it loads the page twice. This causes an issue on news/events/blog pages, because it increments the page counter by 2 instead of just one! What a strange bug.
I'm curious, how is refactoring all of MapleBit coming along? Is that still a thing? :huh:
for($i = 0; $i <= $totalids-1; $i++) // instead of for($i = 0; $i < $totalids; $i++) {
or
if($gettime['githubapi'] == "") // instead of empty
in the query you need to do a join accounts and characters based off account id *i believe* and do a check to see if banned >= 1.
How come calling onto the character/guild table works in rankings.php but it can't do accounts? I need a.banned to work so I can remove banned players from ranks. I remember a year ago I got so fed up with trying to fix it that I just did a sloppy workaround and made a banned column in characters and had all banned accounts = banned characters, but there must be a much simpler way, right? Lol.
in the query you need to do a join accounts and characters based off account id *i believe* and do a check to see if banned >= 1.
g.logoBG AS logoBG FROM characters c LEFT JOIN guilds g ON c.guildid = g.guildid WHERE c.gm < $gmlevel
a.banned AS banned FROM characters c LEFT JOIN accounts a ON c.accountid = a.id WHERE c.gm < '$gmlevel' AND banned = 0
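Putting the two threads above together (the "escape everything that came from the database" advice and the accounts/characters join that drops banned players), here is an added example, not MapleBit's own code: a rankings query that binds $gmlevel through a prepared statement instead of interpolating it, tolerates characters with no matching account row, and escapes every database-sourced value on output. The table and column names follow the snippets in this thread; the PDO connection string, user and password are placeholders.

```php
<?php
// Added example (not MapleBit's code). Assumed schema, taken from the thread:
// characters(name, level, gm, accountid, guildid), accounts(id, banned),
// guilds(guildid, name). Connection details below are placeholders.

function fetch_rankings(PDO $db, int $gmlevel, int $limit = 50): array
{
    // Bound parameters replace the "WHERE c.gm < '$gmlevel'" interpolation.
    // COALESCE keeps characters whose LEFT JOIN to accounts yields NULL;
    // a plain "banned = 0" would silently drop them.
    $sql = 'SELECT c.name AS name, c.level AS level, g.name AS guild
              FROM characters c
              LEFT JOIN accounts a ON c.accountid = a.id
              LEFT JOIN guilds   g ON c.guildid   = g.guildid
             WHERE c.gm < :gmlevel
               AND COALESCE(a.banned, 0) = 0
             ORDER BY c.level DESC
             LIMIT :limit';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':gmlevel', $gmlevel, PDO::PARAM_INT);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape for an HTML text or attribute context. Call this on every value that
// came from the database, so a <script> stored in a character or guild name is
// rendered as text instead of executed in the visitor's browser.
function h(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_rankings(array $rows): string
{
    $out = "<table>\n";
    foreach ($rows as $row) {
        $out .= '<tr><td>' . h($row['name']) . '</td><td>' . h((string) $row['level'])
              . '</td><td>' . h($row['guild']) . "</td></tr>\n";
    }
    return $out . "</table>\n";
}

// Placeholder DSN/credentials; native prepares are required for the LIMIT bind.
$db = new PDO('mysql:host=localhost;dbname=maplebit;charset=utf8mb4', 'db_user', 'db_pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
echo render_rankings(fetch_rankings($db, 1));
```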