Andromeda Streaming MP3 Server v1.9.3.6 (s param) Remote XSS Vulnerability

Vendor: Turnstyle
Product web page: http://www.turnstyle.com
Affected version: 1.9.3.6 PHP (2012)

Summary: Turn your MP3 collection into an MP3 server. Simply add a single PHP or ASP script to any folder within your site. Now you can browse and play the contents of that folder - over the Web, or over your local network.

Desc: Andromeda is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 's' parameter of the 'andromeda.php' script.

Tested on: Microsoft Windows XP Professional SP3 (EN)
           Apache 2.2.21
           PHP 5.3.9
           MySQL 5.5.20

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience

Advisory ID: ZSL-2012-5087
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5087.php

08.05.2012

--

Dork: "powered by andromeda version"

PoC:

http://localhost/AndromedaPHP/andromeda.php?q=s&s=">
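The following is an added example, not code from Andromeda or from the advisory author. It assumes a search form whose 's' query parameter is reflected into an input's value attribute (the original andromeda.php markup is not on the page, so that layout is an assumption) and shows the unescaped reflection the advisory describes beside a hardened version that applies output encoding and a restrictive Content-Security-Policy:

```php
<?php
// Added example, not Andromeda's own code. The form layout below is an
// assumption: the advisory only states that the 's' parameter of
// andromeda.php is reflected without sanitization.

/**
 * Escape a value for safe inclusion inside an HTML attribute or text node.
 * ENT_QUOTES covers both " and ', so a value such as  ">  cannot terminate
 * the attribute early; the charset is passed explicitly so htmlspecialchars
 * never falls back to a different encoding.
 */
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The pattern the advisory describes: the raw value of 's' is concatenated
// straight into the value="" attribute, so any "> in the input leaves the
// attribute and is parsed as markup.
function render_search_input_vulnerable(string $s): string
{
    return '<input type="text" name="s" value="' . $s . '">';
}

// Hardened form: the same reflection with output encoding applied.
// For the input  ">  this yields value="&quot;&gt;" and the attribute stays closed.
function render_search_input_fixed(string $s): string
{
    return '<input type="text" name="s" value="' . html_attr($s) . '">';
}

$s = isset($_GET['s']) ? (string) $_GET['s'] : '';

// Defence in depth: a CSP without 'unsafe-inline' stops injected inline
// script from executing if an encoding is ever missed, and an explicit
// charset on the response removes charset-confusion bypasses.
header('Content-Type: text/html; charset=UTF-8');
header("Content-Security-Policy: default-src 'self'");

echo '<!DOCTYPE html><html><body>';
echo '<form method="get" action="andromeda.php">';
echo '<input type="hidden" name="q" value="s">';
echo render_search_input_fixed($s);
echo '<input type="submit" value="Search">';
echo '</form></body></html>';
```

Encoding at the point of output, with the encoder chosen for the context (attribute, text node, JavaScript, URL), is the fix for this class of bug; input filtering alone is easy to bypass and breaks legitimate search terms that contain quotes.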