Just Another Hacker
Author's avatar

PHP Shell Detector - Cross site scripting

PHP Shell Detector is a php script that helps you find and identify php shells. It also has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, php shell detector has a light weight and friendly interface. The main features is that if you’re not sure about a suspicious file, you may send it to the websecure.co.il team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “php shell detector” web shells signature database and the next time this file will be recognized positively. [ Taken from: http://www.emposha.com/security/php-shell-detector-web-shell-detection-tool.html ]

Vulnerability description

The shell detector script does not sufficiently sanitise filenames of detected shells or suspicious files, resulting in cross site scripting.

  • Discovered by: Eldar “Wireghoul” Marcussen
  • Vendor: Emposha - http://www.emposha.com/
  • Affected versions: 1.51 - earlier versions may also be affected.

Proof of Concept

Create a payload out of a file detected by the PSD script, ie: root@localhost:~# mv htaccess.php <img src=x onerror=alert(1)>.txt Then scan the directory containing the renamed file.


There is no solution at this time.

Disclosure time line

  • 31-Aug-2012 - Public disclosure


Static source code analysis tool for finding vulnerabilities in source code.


Self contained attacks against per directory configuration in web servers.

PHP omelette

Code obfuscation tool for bypassing web application firewalls.


All of the project information on one page!