{"lastseen": "2020-04-01T19:04:52", "references": [], "description": "\nTransLucid 1.75 - Multiple Vulnerabilities", "edition": 1, "reporter": "intern0t", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2009-06-12T00:00:00", "title": "TransLucid 1.75 - Multiple Vulnerabilities", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2009-06-12T00:00:00", "id": "EXPLOITPACK:641D601E15064567B000AA9C00E40D71", "href": "", "viewCount": 5, "sourceData": "transLucid - Cross Site Scripting and HTML Injection Vulnerabilities\n\nVersion Affected: 1.75 (newest)\n\nInfo: transLucidonline is the easy website publishing system with which\nanyone can create and maintain web content, in multiple languages and\nbased on a growing list of ready-made, professional layouts.\n\nCredits: InterN0T (macd3v and MaXe)\n\nExternal Links:\nhttp://www.pantha.net/\n\n\n-:: The Advisory ::-\n\nVulnerable Function / ID Calls:\nNodeID & action (vulnerable in both admin and public panels)\n\nCross Site Scripting: (anyone - this was tested with public mode on)\n1)\nhttp://[HOST]/translucid/transLucid_175/?NodeID=\"><script>alert(0)</script>\n2)\nhttp://[HOST]/translucid/transLucid_175/?action=\"><script>alert(0)</script>\n(found by macd3v)\n3)\nhttp://[HOST]/translucid/transLucid_175/?admin_section=1&NodeID=\"><script>alert(0)</script>\n-- Number 3 might require moderator or administrative access if public\nmode is not turned on.\n\nHTML Injection:\n- If public mode is on / chosen, editing the following page-fields will\nresult in script execution: Title & Url\n\nAdding a new page can result in HTML Injection too. (Parent & Child\npages were fully tested.)\n\nAffected Sites by HTML Injection: (there will most likely be a lot more.)\nhttp://[HOST]/translucid/transLucid_175/?action=switchto_editmode\n-- In the admin panel \"> needs to be prepended most likely in order to\nexecute the injection.\n--=-- Switching the theme to Developer can result in HTML Injection if\nthere is any injected.\n\n-:: Solution ::-\nRegular expression match and / or bad characters conversion rocks!\n\nConclusion:\nEasy to install and use, but the code should have been reviewed long ago.\n\nReference:\nhttp://forum.intern0t.net/intern0t-advisories/1122-intern0t-translucid-1-75-multiple-vulnerabilities.html\n\nDisclosure Information:\n- Vulnerabilities found, researched and confirmed between 5th to 10th June.\n- Advisory finished and published on InterN0T the 12th June.\n- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.\n\n\nAll of the best,\nMaXe\n\n# milw0rm.com [2009-06-12]", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645804802, "score": 1659818015}, "_internal": {"score_hash": "7c8328328986363c570b901ae22d2ee6"}}