The shell detector script does not sufficiently sanitise filenames of detected shells or suspicious files, resulting in cross site scripting.
- Discovered by: Eldar “Wireghoul” Marcussen
- Vendor: Emposha - http://www.emposha.com/
- Affected versions: 1.51 - earlier versions may also be affected.
Proof of Concept
Create a payload out of a file detected by the PSD script, ie: root@localhost:~# mv htaccess.php <img src=x onerror=alert(1)>.txt Then scan the directory containing the renamed file.
There is no solution at this time.
Disclosure time line
- 31-Aug-2012 - Public disclosure