Andromeda Streaming MP3 Server 1.9.3.6 Cross Site Scripting

2012-05-09T00:00:00
ID PACKETSTORM:112549
Type packetstorm
Reporter LiquidWorm
Modified 2012-05-09T00:00:00

Description

                                        
                                            `  
Andromeda Streaming MP3 Server v1.9.3.6 (s param) Remote XSS Vulnerability  
  
  
Vendor: Turnstyle  
Product web page: http://www.turnstyle.com  
Affected version: 1.9.3.6 PHP (2012)  
  
Summary: Turn your MP3 collection into an MP3 server. Simply add a  
single PHP or ASP script to any folder within your site. Now you  
can browse and play the contents of that folder - over the Web, or  
over your local network.  
  
Desc: Andromeda is prone to a cross-site scripting vulnerability.  
This issue is due to a failure in the application to properly  
sanitize user-supplied input to the 's' parameter of the 'andromeda.php'  
script.  
  
Tested on: Microsoft Windows XP Professional SP3 (EN)  
Apache 2.2.21  
PHP 5.3.9  
MySQL 5.5.20  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2012-5087  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5087.php  
  
  
08.05.2012  
  
--  
  
Dork: "powered by andromeda version"  
  
PoC: http://localhost/AndromedaPHP/andromeda.php?q=s&s="><script>alert(1);</script>  
`