Summary
This host is running Gnew and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.
Insight
Multiple flaws exist in Gnew due to:
- Insufficient filtration of 'friend_email' HTTP POST parameter passed to /news/send.php and users/password.php scripts, 'user_email' HTTP POST parameter passed to /users/register.php script, 'news_id' HTTP POST parameter passed to news/send.php script, 'thread_id' HTTP POST parameter passed to posts/edit.php script, 'story_id' HTTP POST parameter passed to comments/index.php script, 'answer_id' and 'question_id' HTTP POST parameters passed to polls/vote.php script, 'category_id' HTTP POST parameter passed to news/submit.php script, 'post_subject' and 'thread_id' HTTP POST parameters passed to posts/edit.php script.
- Insufficient validation of user-supplied input passed via the 'gnew_language' cookie to /users/login.php script.
Affected
Gnew version 2013.1. Other versions may also be affected.
Detection
Send a crafted exploit string via an HTTP POST request and check whether it is able to read the cookie or not.
References
Severity
Classification
- CVE: CVE-2013-5639, CVE-2013-5640, CVE-2013-7349, CVE-2013-7368
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P