[Secured] MapleBit CMS Security Enhancement

Newbie Spellweaver
Joined
Apr 1, 2014
Messages
17
Reaction score
5
MapleBit Re Secured
Hey guys, this is the original MapleBit from greenelfx's GitHub repository, just modified by me & friends against SQL injections & cross-site scripting.
Have Fun!




Credits
MapleBit - greenelfx

Security - Gerry
 
Experienced Elementalist
Joined
Mar 12, 2015
Messages
238
Reaction score
43
How can anybody trust that you didn't add exploits yourself when nobody even likes you? This doesn't even block sharpacex.
 
Newbie Spellweaver
Joined
Jul 31, 2013
Messages
30
Reaction score
21
I did a quick look and it seems like all that was changed are POST/GET inputs being escaped. I mean I guess it's a start to fixing MapleBit.
If you really want to help out the development of the website, you should be making pull requests to the GitHub repository. It doesn't really make sense to be releasing the code like this when you know the repository exists and can clearly see it has been updated recently.
 
Newbie Spellweaver
Joined
Jul 11, 2013
Messages
80
Reaction score
14

agreed - definitely PR anything like that. thanks for your availability!

i recall running a pentest tool over MapleBit a while ago (OWASP ZAP), and it didn't find anything major at all, particularly nothing related to XSS or SQL injection vulnerabilities as described by OP. although to be fair i'm not an expert at using it.

do you have any general thoughts on how secure MapleBit is at the moment?
are there any areas you're aware of that particularly need some work?
 
Interesting...
Loyal Member
Joined
Oct 25, 2008
Messages
1,372
Reaction score
604

It's pretty public that MapleBit has several major SQL injections, none of which this release addressed whatsoever (but we all knew that anyways). As Green said, MapleBit was written a long time ago, so for its time it did what it needed to do, but in 2019, the entire architecture violates several best practices. You could spend the time trying to patch holes but the entire code base is an unmaintainable mess thanks to its monolithic nature. That's not an attack on anybody, that's just how things were done back then. I wouldn't even suggest bothering trying to "re-write" it. It would be more like just a brand new project completely unrelated to the current MapleBit in any way, shape or form.

I've considered on several occasions just releasing some of the exploits I have (or simply making the PR myself to the repo) but then I remember that this community doesn't even bother to keep credits on things other people create, so I decide against it. To my knowledge, the major exploits are only known by very few people so MapleBit is still generally safe to use (as evidenced by the many servers that use it in production right now with no issues), so I wouldn't worry about its security all that much.
 
Kaotic Owner
Loyal Member
Joined
Oct 12, 2005
Messages
1,282
Reaction score
70
after installing the site, i set up everything. i can see online info and all that, but when i click on register all i see is a blank page with the login panel on the left side. the rest is blank.
using heavenms source. does java 7 or 8 matter with this cms?
 
Interesting...
Loyal Member
Joined
Oct 25, 2008
Messages
1,372
Reaction score
604
In addition to having a join date of October 2005 and not even knowing that the source's Java version has nothing to do with the CMS, resinate is looking for web dev help but he's trying really hard to scam/lowball people. He doesn't even know how much work the job he's hiring for entails but he wanted me to throw a number first, and when I refused, he just got upset and gave up all negotiation entirely lmao. What a swell guy he is:

 

Newbie Spellweaver
Joined
Sep 27, 2018
Messages
93
Reaction score
20

SoonTM:junglejane:
 
