Andromeda Streaming MP3 Server 1.9.3.6 Cross Site Scripting

2012.05.09

Credit: Gjoko 'LiquidWorm' Krstic

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: \"powered by andromeda version\"

Andromeda Streaming MP3 Server v1.9.3.6 (s param) Remote XSS Vulnerability
Vendor: Turnstyle
Product web page: http://www.turnstyle.com
Affected version: 1.9.3.6 PHP (2012)
Summary: Turn your MP3 collection into an MP3 server. Simply add a
single PHP or ASP script to any folder within your site. Now you
can browse and play the contents of that folder - over the Web, or
over your local network.
Desc: Andromeda is prone to a cross-site scripting vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input to the 's' parameter of the 'andromeda.php'
script.
Tested on: Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
PHP 5.3.9
MySQL 5.5.20
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2012-5087
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5087.php
08.05.2012
--
Dork: "powered by andromeda version"
PoC: http://localhost/AndromedaPHP/andromeda.php?q=s&s="><script>alert(1);</script>

References:

http://www.turnstyle.com

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5087.php

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Andromeda Streaming MP3 Server 1.9.3.6 Cross Site Scripting

Dork: \"powered by andromeda version\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.