codeDog - the SET Vulnerability

Posted: Tue Aug 05, 2003 3:13 pm
by Heavy
http://www.codedog.net/CodeDog/view/1,2 ... 63,00.html

Can someone read this and tell me whether the problem is a problem in PHP too? I don't recognise what code / language it is all about.

The article is about injecting malicious code in HTTP headers...

Posted: Tue Aug 05, 2003 4:52 pm
by mrvanjohnson
He references Vignette, which is a Content Management system that looks like it uses TCL programming. He also says he coded the flaw into his site. In any event, he goes on to talk about Vignette Class and learning the SET command. I am thinking this is either a proprietary scripting for the CMS or TCL coding. The CMS itself reminds me a lot of Zope which is Python based.

Whether or not this can be accomplished in PHP, I don’t think so. But if you’ve got some time maybe you should try it. I’m not sure what the SET command is supposed to be doing so I couldn’t tell you how to emulate it. Perhaps you can get in touch with the author and get more info.