Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities

Title: Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities
Advisory ID: ZSL-2013-5153
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting
Risk: (3/5)
Release Date: 11.08.2013
Summary
Gnew is a simple Content Management System written in PHP, using a database server (MySQL, PostgreSQL or SQLite) for storage.
Description
Input passed via several parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, and to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
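To make the vulnerability class in the description concrete, here is an added example (not Gnew code and not the advisory's PoC): a hypothetical PHP handler that concatenates a request parameter into a SQL query and echoes it back unencoded, beside the hardened form. The `items` table, the `item_id` parameter and the in-memory SQLite backend (pdo_sqlite) are assumptions so it runs offline.

```php
<?php
// Added example, not Gnew code. Table, column and parameter names are assumed.
declare(strict_types=1);

// In-memory SQLite via PDO so the same code would also run against MySQL or PostgreSQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (item_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO items (item_id, title) VALUES (3, 'First item')");

// --- Vulnerable pattern: the defect class the advisory describes ---------------
function show_item_vulnerable(PDO $db, array $get): string
{
    $id = $get['item_id'];                       // untrusted, never validated
    // String concatenation: the raw value becomes part of the SQL text (SQLi).
    $row = $db->query("SELECT title FROM items WHERE item_id = $id")->fetch();
    $title = $row ? $row['title'] : 'not found';
    // Value echoed verbatim into HTML: script in $id reaches the browser (XSS).
    return "<h1>$title</h1><p>id: $id</p>";
}

// --- Hardened pattern ----------------------------------------------------------
function show_item_hardened(PDO $db, array $get): string
{
    // 1. Validate early: an item id is a positive integer, anything else is rejected.
    $id = filter_var($get['item_id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>invalid id</p>';
    }
    // 2. Parameterised query: the value is bound, never spliced into SQL text.
    $stmt = $db->prepare('SELECT title FROM items WHERE item_id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $title = $row ? $row['title'] : 'not found';
    // 3. Output encoding for the HTML context before anything is returned to the user.
    $title = htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h1>$title</h1><p>id: $id</p>";
}

// A normal request works in both handlers; a non-integer value is rejected only
// by the hardened one instead of reaching the query and the page.
echo show_item_hardened($db, ['item_id' => '3']), PHP_EOL;
echo show_item_hardened($db, ['item_id' => '<b>3</b>']), PHP_EOL;
```

Note that validation alone is not enough for free-text fields: there the parameter binding and the output encoding are the controls that remain.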
Vendor
Raoul Proença - http://www.gnew.fr
Affected Version
2013.1
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.7
MySQL 5.5.25a
Vendor Status
[09.01.2016] Vendor released version 2016.1 to address these issues.
PoC
gnew_multiple.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.com/files/122771
[2] http://www.exploit-db.com/exploits/27522/
[3] http://cxsecurity.com/issue/WLB-2013080096
[4] http://www.securityfocus.com/bid/61721
[5] http://secunia.com/advisories/54466/
[6] http://www.osvdb.org/show/osvdb/96255
[7] http://www.osvdb.org/show/osvdb/96256
[8] http://www.osvdb.org/show/osvdb/96257
[9] http://www.osvdb.org/show/osvdb/96258
[10] http://www.osvdb.org/show/osvdb/96259
[11] http://www.osvdb.org/show/osvdb/96260
[12] http://www.osvdb.org/show/osvdb/96261
[13] http://www.osvdb.org/show/osvdb/96262
[14] http://www.osvdb.org/show/osvdb/96263
[15] http://www.osvdb.org/show/osvdb/96264
[16] http://www.osvdb.org/show/osvdb/96265
[17] http://www.osvdb.org/show/osvdb/96266
[18] http://xforce.iss.net/xforce/xfdb/86392
[19] http://xforce.iss.net/xforce/xfdb/86393
[20] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-5640
[21] http://www.gnew.xyz/news/index.php?news_id=3
Changelog
[11.08.2013] Initial release
[12.08.2013] Added reference [2], [3], [4] and [5]
[15.08.2013] Added reference [6], [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18] and [19]
[04.03.2014] Added reference [20]
[14.01.2016] Added Vendor Status and reference [21]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk