Andromeda Streaming MP3 Server Cross Site Scripting

Type packetstorm
Reporter LiquidWorm
Modified 2012-05-09T00:00:00


Andromeda Streaming MP3 Server v1.9.3.6 (s param) Remote XSS Vulnerability  
Vendor: Turnstyle  
Product web page:  
Affected version: PHP (2012)  
Summary: Turn your MP3 collection into an MP3 server. Simply add a  
single PHP or ASP script to any folder within your site. Now you  
can browse and play the contents of that folder - over the Web, or  
over your local network.  
Desc: Andromeda is prone to a cross-site scripting vulnerability.  
This issue is due to a failure in the application to properly  
sanitize user-supplied input to the 's' parameter of the 'andromeda.php'  
Tested on: Microsoft Windows XP Professional SP3 (EN)  
Apache 2.2.21  
PHP 5.3.9  
MySQL 5.5.20  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2012-5087  
Advisory URL:  
Dork: "powered by andromeda version"  
PoC: http://localhost/AndromedaPHP/andromeda.php?q=s&s="><script>alert(1);</script>