# Exploit Title: Gnew 2018.1 - Cross-Site Request Forgery # Date: 26/01/2018 # Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT # Vendor website : http://gnew.xyz/ # Software download : http://www.gnew.xyz/pages/download.php # Version: 2018.1 # Tested on: Windows 10 Home x64 / Kali Linux Product description : Gnew is a simple content management system (CMS) written in PHP and using a database server (MySQL, PostgreSQL or SQLite) for storage. It is fully customizable because it uses a system of templates and supports multiple languages Description : A vulnerability has been discovered in Gnew , which can be exploited by malicious people to conduct cross-site request forgery attacks. This can be used to get a privilege escalation on the targeted application. POC : ------------------------------------ HTML--------------------------------------
------------------------------------ HTML END--------------------------------------